Existing intrusion detection systems (IDS) have three shortcomings: 1) they are mostly host-based and do not scale to high-speed networks, so they cannot prevent the rapid propagation of the latest viruses/worms, which can infect most vulnerable machines on the Internet in only ten minutes; 2) they are mostly signature-based and unable to recognize unknown anomalies; and 3) they are isolated or centralized systems. To address these limitations, we propose the HPNAIDM system with the following features: 1) online traffic recording and analysis on high-speed networks, 2) online statistical anomaly detection, 3) an integrated approach for false positive reduction, 4) hardware speedup for real-time detection, and 5) scalable anomaly/intrusion alarm fusion from multiple sources.
We also study the intrusion detection and mitigation problem on high-speed wireless networks, such as the 802.16 WiMAX networks.