ABSTRACT

Nowadays, the vast majority of computers are connected to the Internet. A number of applications used by billions of users on a day-to-day basis, including email, Web browsing, video/audio streaming, social networking, online gaming, e-commerce, and online chatting, rely on the Internet. At the same time, network intrusions have become a severe threat to the privacy and safety of computer users. Each year, millions of malicious cyber attacks are reported [64, 145]. Attacks are becoming more sophisticated and stealthy, driven by an “underground economy” [65]. By definition, network intrusions are unwanted traffic or computer activities that may be malicious or destructive, including viruses, worms, trojan horses, port scanning, password guessing, code injection, and session hijacking. The consequences of a network intrusion can be user identity theft (ID theft), unwanted advertisement and commercial emails (spam), the degradation or termination of the host service (denial of service), or the use of fraudulent sources to obtain sensitive information from users (phishing). Network intrusions are usually accomplished with the assistance of malicious code (a.k.a. malware). In recent years, network intrusions have become more sophisticated and organized. Attackers can control a large number of compromised hosts/devices to form botnets [5], and then launch organized attacks, such as distributed denial of service.