State of the Practice of Intrusion Detection Technologies
Author
Julia Allen, Alan Christie, William Fithen, John McHugh, Jed Pickel, Ed Stoner
Institution
Carnegie Mellon University
Number
CMU/SEI-99-TR-028, ESC-99-028
Publisher
Carnegie Mellon University
School
Carnegie Mellon University
Affiliation
Carnegie Mellon Software Engineering Institute
Publication Date
0000-00-00
Contents
Executive Summary ........ vii
Preface ........ xi
1) Intrusion Detection - What Is It and Why Is It Needed? ........ 1
1.1 The Seriousness of Cyber Attacks ........ 1
1.2 The Rapidly Growing Threat ........ 3
1.3 Attacker and Victim Perspectives of Intrusion ........ 5
1.4 Dimensions of Intrusion Detection ........ 7
1.5 Operational Challenges with Intrusion Detection Systems ........ 12
2) What Is the Current State of Intrusion Detection Technologies? ........ 17
2.1 Survey of ID Technology ........ 17
2.2 State of the ID Market ........ 35
2.3 What Did We Learn? ........ 40
3) What Are the Significant Gaps and Promising Future Directions? ........ 47
3.1 The Need for Alternative Approaches ........ 48
3.2 Network Issues ........ 58
3.3 Human and Organizational Factors ........ 63
3.4 Functional Issues ........ 68
3.5 Data Analysis Needs ........ 79
3.6 Advanced Research ........ 83
4) What Are the Organizational Issues? ........ 91
4.1 Barriers to Effective Security ........ 91
4.2 Understanding the Threat ........ 93
4.3 Management Sponsorship and Support ........ 94
4.4 Policies, Procedures, and Mechanisms for Their Enforcement ........ 95
4.5 The IDS Life Cycle ........ 96
4.6 Awareness and Training ........ 100
4.7 The Decision To Make, Rent, or Buy ID Staff Capability ........ 101
4.8 Managing Expectations ........ 102
5) What Are Some Recommended Next Steps? ........ 103
5.1 Recommendations for Research Sponsors ........ 103
5.2 Recommendations for Users ........ 104
5.3 Recommendations for Vendors ........ 106
5.4 Recommendations for Researchers ........ 109
Appendix A ........ 113
Appendix B ........ 121
Appendix C ........ 173
Appendix D ........ 177
Appendix E ........ 211
Appendix F ........ 217
Keywords
intrusion detection, ID technology
Location
A hard-copy of this is in the Papers Cabinet
Subject
Intrusion Detection Technologies