An overview of anomaly detection techniques: Existing solutions and latest technological trends

Authors

  • Animesh Patcha
  • Jung-Min Park
Abstract

As advances in networking technology help to connect the distant corners of the globe and as the Internet continues to expand its influence as a medium for communications and commerce, the threat from spammers, attackers and criminal enterprises has also grown accordingly. It is the prevalence of such threats that has made intrusion detection systems—the cyberspace’s equivalent to the burglar alarm—join ranks with firewalls as one of the fundamental technologies for network security. However, today’s commercially available intrusion detection systems are predominantly signature-based intrusion detection systems that are designed to detect known attacks by utilizing the signatures of those attacks. Such systems require frequent rule-base updates and signature updates, and are not capable of detecting unknown attacks. In contrast, anomaly detection systems, a subset of intrusion detection systems, model the normal system/network behavior which enables them to be extremely effective in finding and foiling both known as well as unknown or “zero day” attacks. While anomaly detection systems are attractive conceptually, a host of technological problems need to be overcome before they can be widely adopted. These problems include: high false alarm rate, failure to scale to gigabit speeds, etc. In this paper, we provide a comprehensive survey of anomaly detection systems and hybrid intrusion detection systems of the recent past and present. We also discuss recent technological trends in anomaly detection and identify open problems and challenges in this area.

© 2007 Elsevier B.V. All rights reserved.

Similar resources

An overview of the status, trends and challenges of freshwater fish research and conservation in Malaysia

Freshwater fish biodiversity is a precious natural asset in terms of economic, cultural and scientific interest. And yet, the inland freshwater ecosystem in Malaysia is declining at a far greater rate than terrestrial ecosystems in the tropics. What happened, and what is being done to address the crisis? This paper extracts findings from the latest literature and explores overarching issues per...

Incremental Approaches for Network Anomaly Detection: Existing Solutions and Challenges

As the communication industry has connected distant corners of the globe using advances in network technology, intruders or attackers have also increased attacks on networking infrastructure commensurately. System administrators can attempt to prevent such attacks using intrusion detection tools and systems. There are many commercially available signature-based Intrusion Detection Systems (IDSs...

A report on the latest trends in nanofluid research

The term Nanofluids was first coined by Sir Stephen Choi in 1995 at Argonne National Laboratory, U.S.A. Since the discovery, nanofluids have been explored as heat transfer fluids. Nanofluids increased the thermal conductivity of existing coolants (Water, Ethylene glycol) by a magnitude of hundred times which made them attractive for miniaturization of electronic devices. From 1995 till 2008 nano...

Moving dispersion method for statistical anomaly detection in intrusion detection systems

A unified method for statistical anomaly detection in intrusion detection systems is theoretically introduced. It is based on estimating a dispersion measure of numerical or symbolic data on successive moving windows in time and finding the times when a relative change of the dispersion measure is significant. Appropriate dispersion measures, relative differences, moving windows, as well as tec...

Journal title:
  • Computer Networks

Volume 51  Issue

Pages  -

Publication date 2007