An intrusion into an information system tries to compromise the security of the system. Intrusion Detection Systems (IDSs) attempt to detect these intrusions. This paper discusses what an IDS requires from the target information system and how the IDS detects intrusions into the target information system. Specifically, we describe the architecture of a distributed host-based IDS developed at the Information and Systems Assurance Laboratory, Arizona State University. At each host machine in the information system we install an event data collector that collects and filters data of events from the host machine. The Centralized IDS Server receives the processed data and sends them to Individual Technique Servers. These Individual Technique Servers use different intrusion detection algorithms covering both anomaly detection techniques and signature recognition techniques. Each Individual Technique Server determines an intrusion warning (IW) level for each event. The Centralized IDS Server then integrates the IW levels from the Individual Technique Servers into a composite IW level, and provides it to the security administrator.
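The data flow described in the abstract, sketched as an added example (not code from the paper or its authors). The event fields, the two detection rules, the 0 to 1 IW scale and the weighted-average integration rule are all assumptions made for illustration; the abstract does not specify them.

```python
from collections import Counter

# Constructed audit events (host, user, event type); not data from the paper.
EVENTS = [
    ("host1", "alice", "login"), ("host1", "alice", "file_read"),
    ("host2", "bob", "login"), ("host1", "alice", "heartbeat"),
    ("host2", "bob", "file_read"), ("host1", "alice", "file_read"),
    ("host2", "bob", "setuid_exec"), ("host2", "bob", "passwd_write"),
]
KEEP = {"login", "file_read", "setuid_exec", "passwd_write"}  # assumed filter

def collect(events):
    """Host-side event data collector: filter raw events before forwarding."""
    return [e for e in events if e[2] in KEEP]

class SignatureServer:
    """Signature recognition: IW 1.0 when a known-bad sequence completes on a host."""
    def __init__(self, pattern):
        self.pattern, self.recent = tuple(pattern), {}
    def iw(self, event):
        host, _, etype = event
        hist = (self.recent.get(host, ()) + (etype,))[-len(self.pattern):]
        self.recent[host] = hist
        return 1.0 if hist == self.pattern else 0.0

class AnomalyServer:
    """Anomaly detection: IW rises as an event type gets rarer in the baseline."""
    def __init__(self, baseline):
        self.freq, self.total = Counter(e[2] for e in baseline), len(baseline)
    def iw(self, event):
        # Laplace-smoothed relative frequency; unseen event types score high.
        p = (self.freq[event[2]] + 1) / (self.total + len(self.freq) + 1)
        return round(1.0 - p, 3)

def composite_iw(levels, weights):
    """Centralized IDS Server: weighted average of IW levels (assumed rule)."""
    return round(sum(w * l for w, l in zip(weights, levels)) / sum(weights), 3)

def run(events, servers, weights):
    """Return (event, per-technique IW levels, composite IW) for each kept event."""
    out = []
    for ev in collect(events):
        levels = [s.iw(ev) for s in servers]
        out.append((ev, levels, composite_iw(levels, weights)))
    return out

def demo():
    servers = [SignatureServer(("setuid_exec", "passwd_write")),
               AnomalyServer(collect(EVENTS)[:5])]  # first five kept events as baseline
    return run(EVENTS, servers, weights=(2, 1))
```

In this constructed run the final event scores highest because both techniques fire, while the preceding `setuid_exec` is flagged only by the anomaly server and gets a lower composite level.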