Anomaly-based network intrusion detection: Techniques, systems and challenges

P. García-Teodoro, J. Díaz-Verdejo, G. Maciá-Fernández, E. Vázquez
2009, Computers & Security 28, 18-28

Keywords: Threat; Intrusion detection; Anomaly detection; IDS systems and platforms; Assessment

Abstract: The Internet and computer networks are exposed to an increasing number of security threats. With new types of attacks appearing continually, developing flexible and adaptive security-oriented approaches is a severe challenge. In this context, anomaly-based network intrusion detection techniques are a valuable technology to protect target systems and networks against malicious activities. However, despite the variety of such methods described in the literature in recent years, security tools incorporating anomaly detection functionalities are just starting to appear, and several important problems remain to be solved. This paper begins with a review of the most well-known anomaly-based intrusion detection techniques. Then, available platforms, systems under development and research projects in the area are presented. Finally, we outline the main challenges to be dealt with for the wide-scale deployment of anomaly-based intrusion detectors, with special emphasis on assessment issues.

Author biography: Enrique Vázquez received his M.Sc. and Ph.D. degrees in Telecommunication Engineering from the Technical University of Madrid, Spain, in 1983 and 1987, respectively. Presently, he is a full professor in the Department of Telematic Engineering of the Technical University of Madrid. He has worked in Spanish and European R&D projects on several areas of telecommunications and computer networks, including protocol performance evaluation, traffic engineering, mobile networks, network convergence, and network security.
doi:10.1016/j.cose.2008.08.003 fatcat:sm4ygjfx4rdvxmjmoqhmkc2ecm