Layered Approach & HMM for Network Based Intrusion Dection
In this, the authors are using two techniques together as signature based and anomaly based called as Hybrid technique. Anomaly detection, where the strategy is to suspect of what is considered an unusual activity for the subject (users, processes, etc.) and carry on further investigation. This approach is particularly effective against novel (i.e. previously unknown) attacks. Signature based detection systems detect previously known attack in a timely and efficient way. The main issue of this approach is that in order to detect an intrusion this must to be previously detected. This Hybrid technique gives better result than signature based and anomaly based technique.