The importance of information system security, particularly as it applies to the Internet, is obvious. Each day the news media report yet another security breach: sometimes a localized single crime or prank, at others a denial-of-service attack affecting millions of people. As electronic commerce becomes increasingly pervasive, the subject can only become more critical. One of the more interesting techniques for enhancing information system security is detecting that an intrusion has taken place. Although intrusion-detection systems have been a part of the information security landscape for over 25 years, their proper role in the overall security picture is often misunderstood. They are not preventative security measures. Most often, they are used as active security mechanisms in conjunction with other (passive) information assurance processes like firewalls, smart cards, and virtual private networks. In practice, an intrusion-detection system (IDS) attempts to detect attacks or attack preparations by monitoring either the traffic on a computer network or the application or operating system activities within a computer. Once such behavior is detected, the IDS may alert a security administrator or it may invoke an automated response (such as closing down external communication paths or initiating a mechanism to trace the source of an attack). If an IDS detects attack behavior soon enough, it might be able to invoke a response to thwart the attack.