The Center for Education and Research in Information Assurance and Security (CERIAS)


A System for Distributed Intrusion Detection

Author

Steven R. Snapp, James Brentano, Gihan V. Dias, et al.

Entry type

article

Abstract

The study of providing security in computer networks is a rapidly growing area of interest because the network is the medium over which most attacks or intrusions on computer systems are launched. One approach to solving this problem is the "intrusion-detection" concept, whose basic premise is that abandoning the existing and huge infrastructure of possibly insecure computer and network systems is impossible, and that replacing them with totally secure systems may not be feasible or cost effective either. Previous work on intrusion detection systems was performed on stand-alone hosts and on a broadcast local area network (LAN) environment. The focus of our present research is to extend our network intrusion-detection concept from the LAN environment to arbitrarily wider areas, with the network topology being arbitrary as well. The generalized distributed environment is heterogeneous, i.e., the network nodes can be hosts or servers from different vendors, or some of them could be LAN managers, such as the network security monitor (NSM) of our previous work. The proposed architecture for this distributed intrusion-detection system consists of the following components: a host manager (viz. a monitoring process or collection of processes running in the background) in each host; a LAN manager for monitoring each LAN in the system; and a central manager which receives reports from the various host and LAN managers, processes and correlates these reports, and detects intrusions.
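The point of the three-tier architecture in the abstract is that the central manager sees patterns no single host or LAN manager can: a password-guessing campaign spread across several hosts, a user who hops from machine to machine changing identity along the way, or traffic to a host that has no host manager at all. The following is an added illustration of that correlation step, not code from the paper or from the DIDS project; the report format, the event names, the three detection rules, the time window and the sample reports are all assumptions made for this example.

```python
"""Toy central manager that correlates host-manager and LAN-manager reports.

Illustrative only: the report schema and the correlation rules below are
assumptions for this example, not the rules of the paper's DIDS prototype.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Report:
    ts: int         # seconds; constructed sample data uses small integers
    manager: str    # "host:<name>" (host manager) or "lan:<name>" (LAN manager)
    event: str      # host managers: "login_fail" / "login_ok"; LAN managers: "connect"
    user: str = ""  # account involved (host managers)
    src: str = ""   # host the login or connection originated from
    dst: str = ""   # destination host (LAN managers)


class CentralManager:
    def __init__(self, window=300, fail_threshold=3):
        self.window = window                  # correlation window in seconds
        self.fail_threshold = fail_threshold  # distinct hosts before alerting
        self.hosts = set()                    # hosts known to run a host manager
        self.fails = defaultdict(list)        # user -> [(ts, host)]
        self.sessions = defaultdict(list)     # host -> [(ts, user, root_user)]
        self.alerts = []

    def register_host(self, host):
        self.hosts.add(host)

    def ingest(self, r):
        """Store one report and return the alerts it triggers (possibly none)."""
        new = []
        kind, name = r.manager.split(":", 1)
        if kind == "host" and r.event == "login_fail":
            # Rule 1: the same account failing on several hosts within the window.
            self.fails[r.user].append((r.ts, name))
            recent = sorted({h for t, h in self.fails[r.user] if r.ts - t <= self.window})
            if len(recent) >= self.fail_threshold:
                new.append(f"guessing of '{r.user}' across hosts {recent}")
        elif kind == "host" and r.event == "login_ok":
            # Rule 2: follow the login chain back to the originating user; an
            # identity change along the chain is visible only at the center.
            root = self.origin_user(r.src, r.ts)
            self.sessions[name].append((r.ts, r.user, root))
            if root and root != r.user:
                new.append(f"identity change: {root} -> {r.user} on {name} (via {r.src})")
        elif kind == "lan" and r.event == "connect":
            # Rule 3: LAN traffic to a host that sends no host reports at all.
            if r.dst not in self.hosts:
                new.append(f"connection {r.src} -> {r.dst}: destination has no host manager")
        self.alerts.extend(new)
        return new

    def origin_user(self, host, ts):
        """Who was most recently logged in on `host` within the window, traced to the chain root?"""
        live = [s for s in self.sessions.get(host, []) if ts - s[0] <= self.window]
        if not live:
            return None
        _, user, root = max(live, key=lambda s: s[0])
        return root or user


# Constructed sample reports: one user walks alpha -> beta (becoming root),
# then guesses 'admin' on three hosts, then touches an unmonitored printer.
SAMPLE = [
    Report(100, "host:alpha", "login_ok", user="mallory", src="outside"),
    Report(110, "lan:eng", "connect", src="alpha", dst="beta"),
    Report(112, "host:beta", "login_ok", user="root", src="alpha"),
    Report(120, "lan:eng", "connect", src="beta", dst="gamma"),
    Report(125, "host:gamma", "login_fail", user="admin", src="beta"),
    Report(130, "host:delta", "login_fail", user="admin", src="beta"),
    Report(135, "host:alpha", "login_fail", user="admin", src="beta"),
    Report(140, "lan:eng", "connect", src="beta", dst="printer"),
]


def run(reports=SAMPLE, hosts=("alpha", "beta", "gamma", "delta")):
    cm = CentralManager()
    for h in hosts:
        cm.register_host(h)
    for r in reports:
        cm.ingest(r)
    return cm.alerts


if __name__ == "__main__":
    for a in run():
        print(a)
```

Each host manager on its own sees one failed login for admin, and each LAN manager sees ordinary connections; only the central manager, holding reports from all of them, can raise the three alerts. The trade-off that goes with this design is that the central manager is also a single point of failure and an attractive target, so its report channel needs integrity protection and the detection logic must tolerate late or missing reports.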

Date

1991 – February

Institution

IEEE

Journal

COMPCON Spring

Key alpha

Snapp

Pages

170-176

Publication Date

2001-01-01
