Author
Teresa F. Lunt, Ann Tamaru, Fred Gilham, R. Jagannathan, Caveh Jalali, Peter G. Neumann
Abstract
SRI International has designed and developed a real-time intrusion-detection expert system (IDES). IDES is a stand-alone system that observes user behavior on one or more monitored computer systems and flags suspicious events. IDES monitors the activities of individual users, groups, remote hosts and entire systems, and detects suspected security violations, by both insiders and outsiders, as they occur. IDES adaptively learns users' behavior patterns over time and detects behavior that deviates from these patterns. IDES also has a rule-based component that can be used to encode information about known system vulnerabilities and intrusion scenarios. Integrating the two approaches makes IDES a comprehensive system for detecting intrusions as well as misuse by authorized users. IDES has been enhanced to run under GLU, a platform supporting distributed, parallel computation; GLU enhances configuration flexibility and system fault tolerance.
This final report is a deliverable item for work supported by the U.S. Navy, SPAWAR, which funded SRI through U.S. Government Contract No. N00039-89-C-0050.