The ubiquity of the Internet connection to desktops has been both boon to business as well as cause for concern for the security of digital assets that may be unknowingly exposed. Firewalls have been the most commonly deployed solution to secure corporate assets against intrusions, but rewalls are vulnerable to errors in con guration, ambiguous security policies, data-driven attacks through allowed services, and insider attacks. The failure of rewalls to adequately protect digital assets from computer-based attacks has been boon to commercial intrusion detection tools. Two general approaches to detecting computer security intrusions in real-time are misuse detection and anomaly detection. Misuse detection attempts to detect known attacks against computer systems. Anomaly detection uses knowledge of users' normal behavior to detect attempted attacks. The primary advantage of anomaly detection over misuse detection methods is the ability to detect novel and unknown intrusions. This...
Anup K. Gosh, James Wanken, Frank Charron