University of Bahrain
Intrusion Detection System (IDS) play an important role in network security, protecting systems and infrastructures from malicious attacks. With the emerging of novel threats and offensive mechanisms, IDS require updates in order to efficiently detect new menaces. In this paper, they propose an anomaly-based detection model designed for particular application protocols, exploited by emerging menaces known as slow Denial of Service (DoS) attacks. They define parameters characterizing network traffic and they describe in detail how to extrapolate the users' from a network traffic capture.