The Center for Education and Research in Information Assurance and Security (CERIAS)


State of the Practice of Intrusion Detection Technologies

Author

Julia Allen, Alan Christie, William Fithen, John McHugh, Jed Pickel, Ed Stoner

Entry type

techreport

Institution

Carnegie Mellon University

Key alpha

Allen

Number

CMU/SEI-99-TR-028, ESC-99-028

Publisher

Carnegie Mellon University

School

Carnegie Mellon University

Affiliation

Carnegie Mellon Software Engineering Institute

Publication Date

0000-00-00

Contents

Executive Summary ... vii
Preface ... xi
1) Intrusion Detection - What Is It and Why Is It Needed? ... 1
1.1 The Seriousness of Cyber Attacks ... 1
1.2 The Rapidly Growing Threat ... 3
1.3 Attacker and Victim Perspectives of Intrusion ... 5
1.4 Dimensions of Intrusion Detection ... 7
1.5 Operational Challenges with Intrusion Detection Systems ... 12
2) What Is the Current State of Intrusion Detection Technologies? ... 17
2.1 Survey of ID Technology ... 17
2.2 State of the ID Market ... 35
2.3 What Did We Learn? ... 40
3) What Are the Significant Gaps and Promising Future Directions? ... 47
3.1 The Need for Alternative Approaches ... 48
3.2 Network Issues ... 58
3.3 Human and Organizational Factors ... 63
3.4 Functional Issues ... 68
3.5 Data Analysis Needs ... 79
3.6 Advanced Research ... 83
4) What Are the Organizational Issues? ... 91
4.1 Barriers to Effective Security ... 91
4.2 Understanding the Threat ... 93
4.3 Management Sponsorship and Support ... 94
4.4 Policies, Procedures, and Mechanisms for Their Enforcement ... 95
4.5 The IDS Life Cycle ... 96
4.6 Awareness and Training ... 100
4.7 The Decision To Make, Rent, or Buy ID Staff Capability ... 101
4.8 Managing Expectations ... 102
5) What Are Some Recommended Next Steps? ... 103
5.1 Recommendations for Research Sponsors ... 103
5.2 Recommendations for Users ... 104
5.3 Recommendations for Vendors ... 106
5.4 Recommendations for Researchers ... 109
Appendix A ... 113
Appendix B ... 121
Appendix C ... 173
Appendix D ... 177
Appendix E ... 211
Appendix F ... 217

Keywords

intrusion detection, ID technology

Language

English

Location

A hard-copy of this is in the Papers Cabinet

Subject

Intrusion Detection Technologies

BibTeX-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTeX document. Note that the text may not contain all macros that BibTeX supports.