A Real-Time Intrusion-Detection Expert System (IDES)

Get BibTex-formatted data

Author

Teresa F. Lunt, Ann Tamaru, Fred Gilham, R. Jagannathan, Caveh Jalali, Peter G. Neumann

Entry type

techreport

Abstract

SRI International has designed and developed a real-time intrusion -detection expert system (IDES). IDES is a stand alone system that observes user behavior on one or more monitored computer systems and flgs suspicious events. IDES monitors the activities of individual users, groups, remote hosts and entire systems, and detects suspected security violations, by both insiders and outsiders, as they occur. IDES adaptively learns users\' behavior patterns over time and detects behavior that deviates from these patterns. IDES also has a rule-based component that can be used to encode information about known system vulnerabilities and intrusion scenarios. Inegrating the two approaches makes IDES a comprehensive system for detecting intrusions as well as misuse by authorized users. IDES has been enhanced to run under GLU, a platform supporting distributed, parallel computation; GLU enhances configuration flexibility and system fault tolerance. Thhis final reprt is deliverable item for work supported by the U.S. navy, SPAWAR, which funded SRI through U.S. Governement Contract No. N00039-89-C-0050.

Date

1992 – February

Institution

SRI International

Key alpha

sri

Publication Date

0000-00-00

1 Introduction 2 The IDES Design Model 3 The Audit Data 4 The Realm Interface 5 The Statistical Anomaly Detector 6 The IDES Expert System 7 The IDES User Interface 8 GLU 9 remaining and Proposed Work

Language

English

Location

A hard-copy of this is in Haas

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Techreport{ sri,
	title = "A Real-Time Intrusion-Detection Expert System (IDES)",
	author = "Teresa F. Lunt, Ann Tamaru, Fred Gilham, R. Jagannathan, Caveh Jalali, Peter G. Neumann",
	year = "1992",
	month = "February",
	institution = "SRI International",
	abstract = "SRI International has designed and developed a real-time intrusion -detection expert system (IDES). IDES is a stand alone system that observes user behavior on one or more monitored computer systems and flgs suspicious events. IDES monitors the activities of individual users, groups, remote hosts and entire systems, and detects suspected security violations, by both insiders and outsiders, as they occur. IDES adaptively learns users\' behavior patterns over time and detects behavior that deviates from these patterns.  IDES also has a rule-based component  that can be used to encode information about known system vulnerabilities and intrusion scenarios.  Inegrating the two approaches makes IDES a comprehensive system for detecting intrusions as well as misuse by authorized users. IDES has been enhanced to run under GLU, a platform supporting distributed, parallel computation; GLU enhances configuration flexibility and system fault tolerance.
Thhis final reprt is deliverable item for work supported by the U.S. navy, SPAWAR, which funded SRI through U.S. Governement Contract No. N00039-89-C-0050.",
	contents = "1 Introduction
2 The IDES Design Model 
3 The Audit Data
4 The Realm Interface
5 The Statistical Anomaly Detector
6 The IDES Expert System
7 The IDES User Interface
8 GLU
9 remaining and Proposed Work",
	language = "English",
}