T. Lunt, A. Tamaru, F. Gilham, R. Jagannathan, P.G. Newumann, and C. Jalali, "IDES: A Progress Report," in Proceedings of the 6'th Annual Computer Security Applications Conference, 1990.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....proportional to the frequency of use of X window by the target user. Tools are available for statistical estimation of user profiles based on the analysis of the users behaviour and of their interactions within the system. These tools have been developed for intrusion detection, for instance IDES [Lunt et al. 1990] and more recently NIDES [Javitz Valdez 1994] which can be used in Unix environments. Then, we can use the statistical profiles provided by such tools in order to estimate the success rates relative to the attacks identified in the privilege graph, without relying only on security experts ....

T. F. Lunt, A. Tamaru, F. Gilham, R. Jagannathan, P. G. Neumann and C. Jalali, "IDES: A Progress Report", in the Sixth Annual Comp. Security Applications, (Tucson, Arizona, USA), 1990.

....systems have become available commercially over the past few years [2, 4, 14] Although their deployment in the marketplace suggests that these systems benefit their users, there is almost no data measuring their effectiveness. The same paucity of evaluation results plagues the research arena [7, 8, 13, 20]. Evaluating detection systems is a difficult undertaking, complicated by several common practices. For example, most evaluations are done according to a black box testing regime (e.g. 7] While black box testing can demonstrate the overall performance capabilities of a detection system, it ....

Lunt, Teresa F.; Tamaru, Ann; Gilham, Fred; Jagannathan, R.; Neumann, Peter G. and Jalali, Caveh, "IDES: A Progress Report", In Annual Computer Security Applications Conference. Tuscon, Arizona: IEEE Computer Society Press, 3-7 December 1990, pp. 273-285.

.... without authorization (i.e. crackers) and those who have legitimate access to the system but are exceeding their privileges (i.e. the insider threat) Work is being done elsewhere on Intrusion Detection Systems (IDS s) for a single host [10 11 8] and for several hosts connected by a network [7 6 12]. Our own earlier work on the Network Security Monitor (NSM) concentrated on monitoring a broadcast Local Area Network (LAN) 3] The proliferation of heterogeneous computer networks has serious implications for the intrusion detection problem. Foremost among these implications is the increased ....

T.F. Lunt, A. Tamaru, F. Gilham, R. Jagannathan, P.G. Neumann, and C. Jalali, "IDES: A Progress Report," Proc. Sixth Annual Computer Security Applications Conference, Tucson, AZ, Dec. 1990.

....behavior and seeks to detect it directly. There is usually a misuse detection component in an intrusion detection system because statistical techniques (anomaly intrusion detection) alone are not enough to detect all types of intrusions. A real time intrusion detection expert system (IDES) [5, 4, 19, 16, 17, 10, 20] has two components: a rule based component and a statistical component, which operate in parallel. The IDES rule based component is a rule based, forward chaining system using the Rete algorithm. Nextgeneration intrusion detection expert system (NIDES) 9, 11] is a rearchitected version of the ....

T. Lunt, A. Tamaru, F. Gilham, R. Jagannathan, P. Neuman, and C. Jalali. IDES: A Progress Report. In Proceedings of the 6th Annual Computer Security Conference, Oct. 1990.

....ensures that the network does not train on intrusive behavior. Other IDSs employing expert systems are Haystack [He] AudES [Ts] MIDAS [SeSh] and NADIR [JaDu] 4. 2 Anomaly Detection Anomaly detection is based on the assumption that misuse or intrusive behavior deviates from normal system use [LuTa] [De] DeBe] LiVa] In many cases this is a valid assumption, as in the attacker who breaks into a legitimate user s account. The attacker may behave differently than the regular user, so if the IDS has established what the user normally does during a session, it can determine that the user is ....

T. Lunt, A. Tamaru, F. Gilham, R. Jaganathan, P. Neuman, C. Jalali. "IDES: A Progress Report." Proceedings of the Sixth Annual Computer Security Applications Conference, 1990.

....tables, and network traffic summaries. IDSs have been developed and used at several institutions. Some example IDSs are National Security Agency s Multics Intrusion Detection and Alerting System (MIDAS) 31] AT T s ComputerWatch [9] SRI International s Intrusion Detection Expert System (IDES) [24, 25] and Next Generation Intrusion Detection Expert System (NIDES) 1] UC Santa Barbara s State Transition Analysis Tool for UNIX (USTAT) 15, 16] Los Alamos National Laboratory s (LANL s) Network Anomaly Detection and Intrusion Reporter (NADIR) 14] and UC Davis Network Security Monitor (NSM) ....

T. F. Lunt et al., "IDES: A Progress Report," Proc., Sixth Annual Computer Security Applications Conference, Tucson, AZ, December 1990.

....suspicious behavior as it occurs. This system, known as NIDES (Next Generation Intrusion Detection Expert System) takes the approach that intrusions, whether successful or attempted, could be detected by flagging departures from historically established norms of behavior for individual users [17, 15, 16, 18]. A survey of other intrusion detection projects and prototypes can be found in [14] SRI s NIDES prototype determines whether user behavior as reported in the audit data is normal with respect to past or acceptable behavior. Various intrusion detection measures are profiled for each user. A ....

T. F. Lunt, A. Tamaru, F. Gilham, R. Jagannathan, P. G. Neumann, and C. Jalali. IDES: A progress report. In Proceedings of the Sixth Annual Computer Security Applications Conference, December 1990.

No context found.

T. Lunt, A. Tamaru, F. Gilham, R. Jagannathan, P.G. Newumann, and C. Jalali, "IDES: A Progress Report," in Proceedings of the 6'th Annual Computer Security Applications Conference, 1990.

No context found.

Lunt, T., Tamaru, A., Gilham, F., Jagannathan, R., Neumann, P., and Jalali, C. (1990b). IDES: A Progress Report. In Proceedings of the Computer Security Application Conference, pages 273285.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC