As our reliance on computer networks grows, the need for better and more accurate intrusion detection systems to identify and contain attackers becomes a fundamental research topic.

In this thesis we will focus on the detection of three attack scenarios: spreading of active worms throught the Internet, distributed denial of service attacks and routing attacks to wireless ad hoc networks.

For the first two attacks we will determine anomalous changes in the network flow. For the third attack, we provide an abstract representation of a highly mobile ad hoc network in order to establish a baseline for detecting abnormalities generated by intrusions changing the behavior of the routing protocol. We consider these problems in the framework of sequential change detection theory as we want to detect the appearance of an attack early in its development.