Investigating new approaches to data collection, management and analysis for network intrusion detection

Authors:
E. Joseph Derrick;Richard W. Tibbs;Larry Lee Reynolds
Affiliations:
Radford University, Radford VA;Radford University, Radford VA;Eastman Chemical Company, Kingsport, TN
Venue:
ACM-SE 45 Proceedings of the 45th annual southeast regional conference
Year:
2007

Citing 12
Cited 1

An Intrusion-Detection Model

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Security audit trail analysis using inductively generated predictive rules

Proceedings of the sixth conference on Artificial intelligence applications
A survey of intrusion detection techniques

Computers and Security
Fundamentals of computer security technology

Fundamentals of computer security technology
Network and Internet security

Network and Internet security
Classification and detection of computer intrusions

Classification and detection of computer intrusions
Intrusion detection systems and multisensor data fusion

Communications of the ACM
An introduction to intrusion detection

Crossroads - Special issue on computer security
Intrusion detection in wireless ad-hoc networks

MobiCom '00 Proceedings of the 6th annual international conference on Mobile computing and networking
Security Engineering: A Guide to Building Dependable Distributed Systems

Security Engineering: A Guide to Building Dependable Distributed Systems
A taxonomy of computer attacks with applications to wireless networks

A taxonomy of computer attacks with applications to wireless networks
Intrusion detection: a brief history and overview

Computer

Implementing IDS Management on Lock-Keeper

ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience

Quantified Score

Hi-index	0.00

Visualization

Abstract

Primary facets of network intrusion detection systems include the collection, management, and analysis of intrusion data. In this paper, we provide an overview of an ongoing project at Radford University to investigate new and innovative approaches in these critical areas. In particular, we discuss using small, low cost embedded Linux devices as mobile, highly configurable, and collaborative sensors for the collection of the data. Since the data can be in massive quantities and its collection burdensome to the operational network, we also present the use of a wireless network for the transmission of the data to a separate server or management application for analysis, effectively offloading the data from and reducing the burden on the operational network. Finally, effective techniques for analysis need to be identified that will reduce false positive and false negative determinations of intrusions. We introduce our work in data mining techniques which seeks to improve accuracy in analysis.