An approach to intrusion detection that establishes a baseline model of behavior for users and components in a computer system or network. Deviations from the baseline cause alerts that direct the attention of human operators to the anomalies. See IDS and anomaly.
 | Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2009 The Computer Language Company Inc. All rights reserved. |
Additional Resources
- An Anomaly-Based Intrusion Detection Architecture to Secure Wireless Networks
- Ensuring that the appropriate level of security is available in wireless networks is absolutely essential. To aid in the defense and detection of potential threats, WLANs should employ security solutions that include an anomaly-based intrusion detection system ADS that identify wireless network intrusions by gathering and analyzing the data that...
- White papers 2009-07-08
- A Multi-Layered Approach to the Design of Intelligent Intrusion Detection and Prevention System (IIDPS)
- Ignoring security threats can have serious consequences; therefore host machines in network must continually be monitored for intrusions since they are the final endpoint of any network. As a result, this paper presents an Intelligent Intrusion Detection and Prevention System IIDPS, which monitors a single host system from three different...
- White papers 2009-05-21
- Data Fusion and Cost Minimization for Intrusion Detection
- Statistical pattern recognition techniques have recently been shown to provide a finer balance between misdetections and false alarms than the more conventional intrusion detection approaches, namely misuse detection and anomaly detection. A variety of classical machine learning and pattern recognition algorithms has been applied to intrusion detection with varying levels...
- White papers 2009-01-26
- Detecting Pulsing Denial-of-Service Attacks With Nondeterministic Attack Intervals
- This paper addresses the important problem of detecting Pulsing Denial of Service PDoS attacks which send a sequence of attack pulses to reduce TCP throughput. Unlike previous works which focused on a restricted form of attacks, one considers a very broad class of attacks. In particular, the attack model admits...
- White papers 2009-01-21
- Rule-Based Anomaly Detection on IP Flows
- Rule-based packet classification is a powerful method for identifying traffic anomalies, with network security as a key application area. While popular systems like Snort are used in many network locations, comprehensive deployment across Tier-1 service provider networks is costly due to the need for high-speed monitors at many network ingress...
- White papers 2009-01-20
- Experiences With Specification-Based Intrusion Detection
- Specification-based intrusion detection, where manually specified program behavioral specifications are used as a basis to detect attacks, have been proposed as a promising alternative that combine the strengths of misuse detection accurate detection of known attacks and anomaly detection ability to detect novel attacks. However, the question of whether this...
- White papers 2009-01-01
- Network-Based Intrusion Detection Using Unsupervised Adaptive Resonance Theory (ART)
- This paper introduces the Unsupervised Neural Net based Intrusion Detector UNNID system, which detects network-based intrusions and attacks using unsupervised neural networks. The system has facilities for training, testing, and tunning of unsupervised nets to be used in intrusion detection. Using the system, the author tested two types of unsupervised...
- White papers 2009-01-01
- Athena FirePac 2.0 (Windows)
- Athena FirePac is an affordable, easy to use and install, firewall analysis tool with three essential must-have capabilities for every network engineer. Policy Analysis - a remarkably straightforward way to understand all the services allowed to, from or through a device. Anomaly Detection - the industry's most thorough display of...
- Software downloads 2008-10-08
- Flow Based Network Intrusion Detection System Using Hardware-Accelerated NetFlow Probes
- Current network intrusion detection methods based on anomaly detection approaches suffer from comparatively higher error rate and low performance. Proposed flow based network intrusion detection system addresses these issues by using hardware-accelerated probes to collect unsampled NetFlow data from gigabit-speed network links and combining several anomaly detection algorithms by means...
- White papers 2008-09-30
- Correlation-Based Load Balancing for Network Intrusion Detection and Prevention Systems
- In large-scale enterprise networks, multiple network intrusion detection and prevention systems are used to provide high quality protections. In this context, keeping load evenly distributed among the systems is crucial. This is because even load distributions provide protection to the networks and improve the networks' quality of service. A challenging...
- White papers 2008-09-25
- Webmail providers can fix Palin hack-style problems
- Webmail providers can fix Palin hack-style problemsWhile I do agreeMuch can be done to improve web mail security, your point of improving knowledge mechanisms to a person's email will only work for those who have to dig for information on a person. Aren't a large portion of hacks started...
- Discussion threads 2008-09-22
- Webmail providers can fix Palin hack-style problems
- One of the most important questions we should be asking ourselves in light of the Palin webmail hack discussed at length here, here and here is how it could have been prevented. There are several software techniques that I can think of off the top of my head that...
- Blog posts 2008-09-21
- Novel Intrusion Prevention and Detection Methods
- Analysis of contemporary Information Security Systems ISS and especially the case of Intrusion Detection Systems IDS shows one few character negative features and drawbacks. Original methods and combined anomaly and signature IDS applications are presented in the paper. Human-centered methods INCONSISTENCY, FUNNEL, CALEIDOSCOPE and CROSSWORD interact on a competitive principle...
- White papers 2008-09-08
- Anomaly Intrusion Detection System Using Hierarchical Gaussian Mixture Model
- Intrusion Detection Systems have been widely used to overcome security threats in computer networks and to identify unauthorized use, misuse, and abuse of computer systems. Anomaly-based approaches in Intrusion Detection Systems have the advantage of being able to detect unknown attacks; they look for patterns that deviate from the normal...
- White papers 2008-08-01
- My Awesome IT Job: Senior security engineer, VoIP carrier
- Hey, we all complain about work from time to time; we've all had lousy jobs. But before you call it a day and head off to the support group that meets at the bar, here are a few words from IT pros that love their work. "I...
- Blog posts 2008-07-18
- Modeling an Intrusion Detection System Using Data Mining and Genetic Algorithms Based on Fuzzy Logic
- Fuzzy logic based methods together with the techniques from Artificial Intelligence have gained importance. Data mining techniques like clustering techniques, Association rules together with fuzzy logic to model the fuzzy association rules are being used for classifying data. These together with the techniques of genetic algorithms like genetic programming are...
- White papers 2008-07-01
- Anomaly? Application Change? or Workload Change? - Towards Automated Detection of Application Performance Anomaly and Change
- Automated tools for understanding application behavior and its changes during the application life-cycle are essential for many performance analysis and debugging tasks. Application performance issues have an immediate impact on customer experience and satisfaction. A sudden slowdown of enterprise-wide application can effect a large population of customers, lead to delayed...
- White papers 2008-06-21
- Boosting Web Intrusion Detection Systems by Inferring Positive Signatures
- This paper presents a new approach to anomaly-based network intrusion detection for web applications. This approach is based on dividing the input parameters of the monitored web application in two groups: the "Regular" and the "Irregular" ones, and applying a new method for anomaly detection on the "Regular" ones based...
- White papers 2008-06-15
- MARS - Cisco Security Monitoring, Analysis, and Response System v3.0
- View Available Dates and LocationsCisco Security Monitoring, Analysis, and Response System MARS is a family of high-performance, scalable appliances for threat management, monitoring, and mitigation that enables you to make more effective use of network and security devices by combining network intelligence, context correlation, vector analysis, ...
- Training 2008-06-01
- CAMNEP: Agent-Based Network Intrusion Detection System
- This paper presents a prototype of agent-based intrusion detection system designed for deployment on high-speed backbone networks. The main contribution of the system is the integration of several anomaly detection techniques by means of collective trust modeling within a group of collaborative detection agents, each featuring a specific detection algorithm....
- White papers 2008-05-16
Neighboring Terms
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- The best support in the Linux business
-
If Linux is going to power your mission-critical applications, you'd better have the best support known to business. Novell was rated the top provider of Linux technical support.
- Learn more >>
- Keep Up With The Latest In Document Management with The DocuMentor.
-
Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
- Learn more >>
- The more you simplify, the more you save
-
When you transition from your existing Red Hat environment to SUSE Linux Enterprise from Novell, you can recognize dramatic cost savings, perhaps as much 50%
- Learn more >>
- The best support in the Linux business
-
If Linux is going to power your mission-critical applications, you'd better have the best support known to business. Novell was rated the top provider of Linux technical support.
- Learn more >>
Meet Doc
-
-
Here to help you with your Document Management Needs
- Check out Doc’s Blog on ZDNet
- Help your company, help the earth I want to share with you the Environmental Defense Fund Paper Calculator, which allows you to gauge your organization's environmental impact.
- Which is Greener: Paper or Digital? The Answer May Surprise You Anything we can do to reduce paper consumption is good. But what about the impact of digital waste?
-
Produced by
ZDNet and -
