Abstract
Existing security mechanisms protect computers and networks from unauthorized use
through access controls, such as passwords. However, if these access controls
are compromised or can be bypassed, an abuser may gain unauthorized access and thus
can cause great damage and disruption to system operation.
Modes of protection can be devised against this; however, an intruder is likely to
exhibit behavior patterns different from those of a legitimate user.
While many systems collect audit data, most do not have any capability for
automated analysis of that data. Moreover, those that do collect audit data generally
collect large volumes of data that are not necessarily security relevant. Thus, for
security analysis, a security officer (SO) must wade through stacks of printed
output of audit data. Thus, the capability for automated security analysis of audit
trails is needed.
The Next-generation Intrusion-Detection Expert System (NIDES) is the result of research
that started in the Computer Science Laboratory at SRI International in the early
1980s and led to a series of increasingly sophisticated prototypes that resulted
in the current NIDES Beta release. The current version, described in this final report
and in greater detail in [1,2,3], is designed to operate in real time to detect
intrusions as they occur. NIDES is a comprehensive system that uses innovative
statistical algorithms for anomaly detection, as well as an expert system that encodes
known intrusion scenarios.
Note
This report was prepared for the Department of the Navy, Space and Naval Warfare
Systems Command, under Contract N00039-92-C-0015.