A worldwide Internet usage growth rate of 380% larger than the period from 2000, the year of the dot-com bubble burst, until present indicates that Internet technology has become a foundation of our daily life. In the same period, cyber-crime has seen an incredible that makes sophisticated protection device for computers and networks an absolute necessity. Firewalls as the major defense of the last decade do not give sufficient protection anymore. This fact has given rise to the expansion of intrusion detection and prevention systems. Traditional intrusion detection systems are hasty in the sense that they use a set of signatures, which raise at the same rate as new technique are discovered, to identify malicious traffic patterns. Anomaly detection systems are another branch of intrusion detection systems that act more proactively. They get a model of the normal system performance and issue alerts whenever the behavior changes; making an appropriate assumption that such changes are frequently caused by malicious or disruptive events. Anomaly detection has been a ground of exhaustive research over the last years as it poses several challenging problems.