A System Architecture for Computer Intrusion Detection

  • Authors: Syed Masum Emran; Nong Ye

  • Affiliations: Department of Computer Science and Engineering, Arizona State University, USA; Department of Industrial Engineering, Arizona State University, USA (Correspd. Dept. of Ind. Eng., Arizona State University, Box 875906, Tempe, Arizona 85287, USA. Tel.: +1 480 965 7812/ Fax: +1 4 ...

  • Venue: Information-Knowledge-Systems Management
  • Year: 2001

Abstract

An intrusion into an information system tries to compromise the security of the system. Intrusion Detection Systems (IDSs) attempt to detect these intrusions. This paper discusses what an IDS requires from the target information system and how the IDS detects intrusions into the target information system. Specifically, we describe the architecture of a distributed host-based IDS developed at the Information and Systems Assurance Laboratory, Arizona State University. At each host machine in the information system we install an event data collector that collects and filters data of events from the host machine. The Centralized IDS Server receives the processed data and sends them to Individual Technique Servers. These Individual Technique Servers use different intrusion detection algorithms covering both anomaly detection techniques and signature recognition techniques. Each Individual Technique Server determines an intrusion warning (IW) level for each event. The Centralized IDS Server then integrates the IW levels from the Individual Technique Servers into a composite IW level, and provides it to the security administrator.