Experience with EMERALD to date

  • Authors: Peter G. Neumann; Phillip A. Porras
  • Affiliations: Computer Science Laboratory, SRI International, Menlo Park, CA (both authors)
  • Venue: ID'99 Proceedings of the 1st conference on Workshop on Intrusion Detection and Network Monitoring - Volume 1
  • Year: 1999

Abstract

After summarizing the EMERALD architecture and the evolutionary process from which EMERALD has evolved, this paper focuses on our experience to date in designing, implementing, and applying EMERALD to various types of anomalies and misuse. The discussion addresses the fundamental importance of good software engineering practice and the importance of the system architecture in attaining detectability, interoperability, general applicability, and future evolvability. It also considers the importance of correlation among distributed and hierarchical instances of EMERALD, and the need for additional detection and analysis components.