Technical Field
This disclosure relates to security, and particularly to network intrusion detection systems and methods.
Related Art
Many systems attempt to detect unauthorized intrusions using rule-based tools that detect expert-derived signatures or anomaly-based processes that compare behavior to a baseline behavior. Both approaches require human analysts to detect and identify the significance and nature of one or more intrusions after the intrusions occur. Further, each exploit may have a number of signatures or variations in behavior, making it difficult to identify particular patterns of traffic that are common to the intrusions. Another problem in detecting unauthorized intrusions is that some malicious traffic is not abnormal and some non-malicious traffic tends to be anomalous. As a result, prior art computer-based intrusion detection systems may be ineffective and generate a high number of false-positive alerts.