"... In PAGE 2: ... II. PREVIOUS WORK In the past seventeen years, there have been a number of intrusion detection and intrusion response tools developed (See Table1 ). The response systems can be categorized as notification systems, manual response systems, or automatic response systems.... ..."

"... In PAGE 21: ... It is, however, a costly process, both for transporting the audits and for processing them. 4 Intrusion-detection tools Table1 presents a selection of intrusion-detection tools that wehave encoun- tered and shows a taxonomy of their components. The selection merely illus- trates the notions described in this paper, and implies no judgment of the quality of the tool, product, or method on our part.... In PAGE 22: ...Abbreviations used: ES: expert system;; SA: signature analysis;; PN: Petri net;; STA: state transition analysis;; Stat: statistics;; NN: neural network;; UII: user intent;; HB: host-based, and NB: network-based. Table1 contains more host-based intrusion-detection systems than network- based intrusion-detection systems. However, this is not the trend in intrusion detection, whichistowards network information and protection of the infras- tructure.... In PAGE 22: ... The main reasons for this are probably the ease of installing a network-based tool (no user workstation manipulation re- quired), the performance degradation experienced by systems when an audit is started, and the di culty and cost of managing a large-scale host audit infrastructure. Table1 also shows that, even though manytechniques have been explored for intrusion detection, most commercial products available today implement one and only one technique, and that the majority of the recent ones [23,28,66] use signatures, for two reasons:... ..."

"... In PAGE 5: ...etection system (IDS). ...........................................................................................................................................30 Table7 : Relationship between the network intrusion detection system and the immune system. IDS: Intrusion Detection System.... In PAGE 31: ... They also suggested that an overall artificial immune model for network intrusion detection would be comprised by three distinct evolutionary stages: 1) negative selection, 2) clonal selection and 3) gene library evolution. Table7 shows how they related the immune system with their network environment, and Figure 15 presents the physical architecture of their system (IDS corresponds to Intrusion Detection System). The negative selection algorithm with niching simply replaces the random generation of detectors by the evolution of detectors towards non-self.... ..."

"... In PAGE 2: ... This paper does not discuss all existing products and vendors o ering intrusion-detection solutions. Information sources Table1 shows the products a number of vendors propose for monitoring multiple information sources. It clearly shows that most vendors associate a host-based and a network-based intrusion-detection product.... ..."

"... In PAGE 17: ...Through analysis of the results shown in Table2 , the false alarms included in the reports of both systems could be pruned, and the accuracy of these two systems for de- tecting intrusions occurring in the same environment during the same period is shown in Table 3. Table 3.... ..."

"... In PAGE 9: ...Table 1: Comparison between Intrusion Detection Systems (IDS), Stateless Model (SM) and Application level firewall (FW). The proposed solution is compared to intrusion detection systems and application level firewalls in Table1 . Intrusion detection system checks the value of each field and raises an alarm in the case of any suspicious content.... In PAGE 9: ... The stateless model defines and enforces a value for idle fields. It is possible to see in Table1 that the stateless model provides advantages over intrusion detection systems and firewalls in most cases. The stateless model can filter encrypted payload, allows protocols to be used freely and is computationally inexpensive.... ..."

"... In PAGE 5: ...able 5: Relationship between the biological immune system and the proposed neural network model.........................21 Table6 : Components of the immune system that satisfy the requirements for the development of an efficient intrusion detection system (IDS).... In PAGE 30: ... Upon their analysis, they identified three fundamental requirements for the derivation of the design goals for network-based intrusion detection, named distribution, self-organization and being lightweight. Table6 describes the immune system components and functions that satisfy the... ..."