Modernnetworksystemshavemuchtroubleinsecurityvulnerabilitiessuchasbufferoverflow,bugsinMicrosoftInternet,sensornetworkroutingprotocoltoosimple,securityflawsofapplications,andoperatingsystems.Moreover,wirelessdevicessuchassmartphones,personaldigitalassistants(PDAs),andsensorshavebecomeeconomicallyfeasiblebecauseoftechnologicaladvancesinwirelesscommunicationandmanufacturingofsmallandlow-costsensors.Therearetypologiesofvulnerabilitiestobeexploitedinthesedevices.Inordertoimprovesecurities,manymechanismsareadopted,includingauthentication,cryptography,accesscontrol,andintrusiondetectionsystems(IDS).Ingeneral,intrusiondetectiontechniquescanbecategorizedintotwogroups:misusedetectionandanomalydetection.Themisusedetectionsystemsusepatternsofwell-knownattacksorweakspotsofthesystemstoidentifyintrusions.Theweaknessofmisusedetectionsystemsisunabletodetectanyfuture(unknown)intrusionuntilcorrespondingattacksignaturesareintrudedintothesignaturedatabase.Anomalydetectionmethodstrytodeterminewhetherthedeviationisfromtheestablishednormalusagepatternsornot.Thecriticalsuccessofanomalydetectionreliesonthemodelofnormalbehaviors.
