An Overview of IDS Using Anomaly Detection

An Overview of IDS Using Anomaly Detection

Lior Rokach (Ben-Gurion University of the Negev, Israel) and Yuval Elovici (Ben-Gurion University of the Negev, Israel)
Copyright: © 2007 |Pages: 11
DOI: 10.4018/978-1-59140-991-5.ch038
OnDemand PDF Download:


Intrusion detection is the process of monitoring and analyzing the events occurring in a computer system in order to detect signs of security problems. The problem of intrusion detection can be solved using anomaly detection techniques. For instance, one is given a set of connection data belonging to different classes (normal activity, different attacks) and the aim is to construct a classifier that accurately classifies new unlabeled connections data. Clustering methods can be used to detect anomaly in data which might implies intrusion of a new type. This chapter gives a critical summary of anomaly detection research for intrusion detection. This chapter surveys a list of research projects that apply anomaly detection techniques to intrusion detection. Finally some directions for research are given.

Complete Chapter List

Search this Book:
Table of Contents
Andrew Colarik, Lech Janczewski
Lech Janczewski, Andrew Colarik
Introduction to Cyber Warfare and Cyber Terrorism
Chapter 1
Kevin Curran, Kevin Concannon, Sean McKeever
Cyber terrorism is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data which result... Sample PDF
Cyber Terrorism Attacks
Chapter 2
Gil Ariely
This chapter applies the conceptual framework of knowledge management (and vehicles familiar from that discipline) to analyze various aspects of... Sample PDF
Knowledge Management, Terrorism, and Cyber Terrorism
Chapter 3
Kenneth J. Knapp, William R. Boulton
This chapter discusses the rapid entry of information conflicts into civilian and commercial arenas by highlighting 10 trends in information... Sample PDF
Ten Information Warfare Trends
Chapter 4
John H. Nugent, Mahesh Raisinghani
This chapter examines briefly the history of warfare, and addresses the likelihood that in the future wars may well be fought, and won or lost not... Sample PDF
Bits and Bytes vs. Bullets and Bombs: A New Form of Warfare
Chapter 5
Robert S. Owen
Discussions of cyber warfare tend to focus on weakening or disrupting a physical critical core infrastructure. Critical infrastructures are systems... Sample PDF
Infrastructures of Cyber Warfare
Chapter 6
M. J. Warren
The new millennium has had a major impact, the world in which we live is changing. The information society is becoming a global society, the growth... Sample PDF
Terrorism and the Internet
Chapter 7
Steganography  (pages 50-56)
Merrill Warkentin, Mark B. Schmidt, Ernst Bekkering
Steganography, the process of hiding information, can be used to embed information or messages in digital files. Some uses are legitimate, such as... Sample PDF
Chapter 8
Cryptography  (pages 57-64)
Kevin Curran, Niall Smyth, Bryan McGrory
One of the main methods of security is cryptography encrypting data so that only a person with the right key can decrypt it and make sense of the... Sample PDF
Chapter 9
Kassem Saleh, Imran Zualkerman, Ibrahim Al Kattan
Due to the proliferations of computers and networks, organizations are providing many of their services online. Consequently, organizations are... Sample PDF
A Roadmap for Delivering Trustworthy IT Processes
Chapter 10
Neil Gandal
Software security is an important concern for vendors, consumers, and regulators since attackers who exploit vulnerabilities can cause significant... Sample PDF
An Introduction to Key Themes in the Economics of Cyber Security
Chapter 11
Manish Gupta, H. R. Rao
In recent times, reliance on interconnected computer systems to support critical operations and infrastructures and, at the same time, physical and... Sample PDF
Role of FS-ISAC in Countering Cyber Terrorism
Chapter 12
Neil C. Rowe, E. John Custy
Cyberspace, computers, and networks are now potential terrain of warfare. We describe some effective forms of deception in cyberspace and discuss... Sample PDF
Deception in Cyber Attacks
Chapter 13
Neil C. Rowe
While computer systems can be quite susceptible to deception by attackers, deception by defenders has increasingly been investigated in recent... Sample PDF
Deception in Defense of Computer Systems from Cyber Attack
Chapter 14
Neil C. Rowe
Offensive cyber warfare raises serious ethical problems for societies, problems that need to be addressed by policies. Since cyber weapons are so... Sample PDF
Ethics of Cyber War Attacks
Chapter 15
Kirk St.Amant
An individual’s personal information can be a valuable commodity to terrorists. With such data, terrorists can engage in a variety of illicit... Sample PDF
International Outsourcing, Personal Data, and Cyber Terrorism: Approaches for Oversight
Chapter 16
Romuald Thion
The information gathering process in cyber-warfare is as important as in real warfare. Once blackhats or cyber-terrorists aimed at an organization... Sample PDF
Network-Based Passive Information Gathering
Chapter 17
Konstantinos Robotis, Theodoros Tzouramanis
This chapter discusses electronic money management via modern payment processing systems. The protocols and architectures of modern payment... Sample PDF
Electronic Money Management in Modern Online Businesses
Chapter 18
Krzysztof Woda
There exist many connections between money laundering and terrorism financing concerning illicit practices for fundraising, transfer or withdrawal... Sample PDF
The Analysis of Money Laundering Techniq
Chapter 19
Dionysios V. Politis, Konstantinos P. Theodoridis
Economists and regulators, along with the Internet community as a whole, are involved in confronting illegal promotional strategies that may... Sample PDF
Spam, Spim, and Illegal Advertisement
Chapter 20
Stefan Kiltz, Andreas Lang, Jana Dittmann
The Trojan horse can be used in cyber-warfare and cyber-terrorism, as recent attacks in the field of industrial espionage have shown. To coordinate... Sample PDF
Malware: Specialized Trojan Horse
Chapter 21
Theodoros Tzouramanis
Anomaly Detection; Cookie Poisoning; CRLF Injection Attack; Cross-Site Scripting (or CSS) Attack Database Administrator (DBA); Database Management... Sample PDF
SQL Code Poisoning: The Most Prevalent Technique for Attacking Web Powered Databases
Chapter 22
Kevin Curran, Steven McIntyre, Hugo Meenan, Ciaran Heaney
Modern technology is providing unprecedented opportunities for surveillance. Employers can read e-mail, snoop on employee’s computer files, and... Sample PDF
Electronic Surveillance and Civil Rights
Chapter 23
Social Engineering  (pages 182-190)
B. Bhagyavati
This chapter will present a detailed view of social engineering and why it is important for users to beware of hackers using this technique. What... Sample PDF
Social Engineering
Chapter 24
Social Engineering  (pages 191-198)
Michael Aiello
Traditionally, “social engineering” is a term describing “efforts to systematically manage popular attitudes and social behavior on a large scale”... Sample PDF
Social Engineering
Chapter 25
Isabelle J. Fagnot
The effectiveness of information security can be substantially limited by inappropriate and destructive human behaviors within an organization. As... Sample PDF
Behavioral Information Security
Chapter 26
Shuyuan Mary Ho
Recent threats to prominent organizations have greatly increased social awareness of the need for information security. Many measures have been... Sample PDF
Toward a Deeper Understanding of Personnel Anomaly Detection
Chapter 27
Alok Mishra, Deepti Mishra
Cyber stalking is a relatively new kind of cyber terrorism crime. Although it often receives a lower priority then cyber terrorism it is an... Sample PDF
Cyber Stalking: A Challenge for Web Security
Chapter 28
Cyber Security Models  (pages 228-240)
Norman F. Schneidewind
Predictive models for estimating the occurrence of cyber attacks are desperately needed to counteract the growing threat of cyber terrorism.... Sample PDF
Cyber Security Models
Chapter 29
Murray E. Jennex
Cyber war is real and is being waged. Cyber terrorists and cyber warriors are attacking systems, but fortunately, they are attacking systems in much... Sample PDF
Cyber War Defense: Systems Development with Integrated Security
Chapter 30
Hsin-Yang Lu, Chia-Jung Tsui, Joon S. Park
The term “spam” refers to unsolicited bulk e-mail that people do not want to receive. Today it is gradually becoming a serious problem that results... Sample PDF
Antispam Approaches Against Information Warfare
Chapter 31
Georg Disterer, Ame Alles, Axel Hervatin
Since denial-of-service (DoS) attacks are a major threat to e-commerce, waves of DoS attacks against prominent Web pages gained wide publicity.... Sample PDF
Denial-of-Service (DoS) Attacks: Prevention, Intrusion Detection, and Mitigation
Chapter 32
André Årnes
Network monitoring is becoming increasingly important, both as a security measure for corporations and organizations, and in an infrastructure... Sample PDF
Large-Scale Monitoring of Critical Digital Infrastructures
Chapter 33
Ioannis P. Chochliouros, Stergios S. Chochliouros, Anastasia S. Spiliopoulou, Evita Lampadari
The work investigates some “core” features of public key infrastructures (PKI), including fundamental technologies and infrastructures, within the... Sample PDF
Public Key Infrastructures as a Means for Increasing Network Security
Chapter 34
Mark R. Leipnik
Geographic information systems (GIS) are defined and discussed both in general and specifically with reference to their applications in three... Sample PDF
Use of Geographic Information Systems in Cyber Warfare and Cyber Counterterrorism
Chapter 35
Gang Gong, Mark R. Leipnik
Remote sensing refers to the acquisition of information at a distance. More specifically, it has come to mean using aerial photographs or sensors on... Sample PDF
Use of Remotely Sensed Imagery in Cyber Warfare and Cyber Counterterrorism
Chapter 36
Hacking and Eavesdropping  (pages 307-317)
Kevin Curran, Peter Breslin, Kevin McLaughlin, Gary Tracey
Many self-proclaimed hackers would actually consider themselves to be performing a service to businesses as they claim they are simply showing... Sample PDF
Hacking and Eavesdropping
Chapter 37
Access Control Models  (pages 318-326)
Romuald Thion
Access control, or authorization, is arguably the most fundamental and most pervasive security mechanism in use today in computer systems. In... Sample PDF
Access Control Models
Chapter 38
Lior Rokach, Yuval Elovici
Intrusion detection is the process of monitoring and analyzing the events occurring in a computer system in order to detect signs of security... Sample PDF
An Overview of IDS Using Anomaly Detection
Chapter 39
Andrews Samraj
The bio-cyber machine gun (BCMG) is a defensive tool used to protect misuse of authentication, access control, and aid cryptography and information... Sample PDF
Bio-Cyber Machine Gun: A New Mode of Authentication Access Using Visual Evoked Potentials
Chapter 40
Bechara Al Bouna, Richard Chbeir
Cyber terrorism is one of the emergent issues to handle in the domain of security and access control models. Cyber Terrorist attacks on information... Sample PDF
Content-Based Policy Specification for Multimedia Authorization and Access Control Model
Chapter 41
Data Mining  (pages 358-365)
Mark Last
Data mining is a growing collection of computational techniques for automatic analysis of structured, semi-structured, and unstructured data with... Sample PDF
Data Mining
Chapter 42
André Årnes
A central issue in assessing and responding to an attack on the Internet is the identification and localization of the attackers. In information... Sample PDF
Identification and Localization of Digital Addresses on the Internet
Chapter 43
Diego Liberati
Four main general purpose approaches inferring knowledge from data are presented as a useful pool of at least partially complementary techniques... Sample PDF
Identification Through Data Mining
Chapter 44
Murray E. Jennex
Cyber war and cyber terrorism is real and is being waged. Cyber terrorists and cyber warriors are attacking systems and succeeding in their attacks.... Sample PDF
A Model for Emergency Response Systems
Chapter 45
Bouncing Techniques  (pages 392-396)
Stéphane Coulondre
Police investigation methods and tools are very efficient today in tracking down a cyber-attack. As a consequence, skilled cyber-terrorists now use... Sample PDF
Bouncing Techniques
Chapter 46
Cyber Forensics  (pages 397-402)
Stéphane Coulondre
Nowadays, terrorists master technology. They often use electronic devices that allow them to act without being physically exposed. As a consequence... Sample PDF
Cyber Forensics
Chapter 47
Joon S. Park, Joseph Giordano
The need for software component survivability is pressing for mission-critical systems in information warfare. In this chapter, we describe how... Sample PDF
Software Component Survivability in Information Warfare
Chapter 48
Ioannis P. Chochliouros, Anastasia S. Spiliopoulou, Stergios P. Chochliouros
Europe has entered a new phase of growth in its history, and characterized by the fast deployment of modern electronic communications networks and... Sample PDF
Measures for Ensuring Data Protection and Citizen Privacy Against the Threat of Crime and Terrorism: The European Response
Chapter 49
Stefan Kiltz, Andreas Lang, Jana Dittmann
The adaptation and extension is necessary to apply the CERT-taxonomy to malware in order to categorise the threat (e.g., Trojan horses, Viruses... Sample PDF
Taxonomy for Computer Security Incidents
Chapter 50
EU Tackles Cybercrime  (pages 431-438)
Sylvia Mercado Kierkegaard
The growing importance of information and communication infrastructure opens up new opportunities for criminal activities. The European Union has... Sample PDF
EU Tackles Cybercrime
Chapter 51
Richard J. Kilroy Jr.
The United States military has taken a number of steps to confront the threat of cyber warfare. These include organizational, operational, and... Sample PDF
The U.S. Military Response to Cyber W
Chapter 52
Norman Schneidewind
There is little evidence that the world is more secure from a major cyber attack than in 2000 because attacks on the Internet go on unabated . In... Sample PDF
USA's View on World Cyber Security Issues
Chapter 53
ECHELON and the NSA  (pages 453-468)
D. C. Webb
Communication via electronic systems such as telephones, faxes, e-mail, computers, etc., has enormously increased the volume and ease with which... Sample PDF
Chapter 54
Sylvia Mercado Kierkegaard
The Internet’s global character and the increasing pressure from industries have prompted legislators to sort-out cross border cybercrime issues... Sample PDF
International Cybercrime Convention
About the Editors