scispace - formally typeset

Topic

Intrusion detection system

About: Intrusion detection system is a(n) research topic. Over the lifetime, 28444 publication(s) have been published within this topic receiving 509530 citation(s). The topic is also known as: Intrusion Detection System & IDS.


Papers
More filters
Proceedings Article
12 Nov 1999
TL;DR: Snort provides a layer of defense which monitors network traffic for predefined suspicious activity or patterns, and alert system administrators when potential hostile traffic is detected.
Abstract: Network intrusion detection systems (NIDS) are an important part of any network security architecture. They provide a layer of defense which monitors network traffic for predefined suspicious activity or patterns, and alert system administrators when potential hostile traffic is detected. Commercial NIDS have many differences, but Information Systems departments must face the commonalities that they share such as significant system footprint, complex deployment and high monetary cost. Snort was designed to address these issues.

3,388 citations

Journal ArticleDOI
TL;DR: A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.
Abstract: A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.

3,171 citations

Proceedings Article
01 Jan 2003
TL;DR: This paper presents an architecture that retains the visibility of a host-based IDS, but pulls the IDS outside of the host for greater attack resistance, achieved through the use of a virtual machine monitor.
Abstract: Today’s architectures for intrusion detection force the IDS designer to make a difficult choice If the IDS resides on the host, it has an excellent view of what is happening in that host’s software, but is highly susceptible to attack On the other hand, if the IDS resides in the network, it is more resistant to attack, but has a poor view of what is happening inside the host, making it more susceptible to evasion In this paper we present an architecture that retains the visibility of a host-based IDS, but pulls the IDS outside of the host for greater attack resistance We achieve this through the use of a virtual machine monitor Using this approach allows us to isolate the IDS from the monitored host but still retain excellent visibility into the host’s state The VMM also offers us the unique ability to completely mediate interactions between the host software and the underlying hardware We present a detailed study of our architecture, including Livewire, a prototype implementation We demonstrate Livewire by implementing a suite of simple intrusion detection policies and using them to detect real attacks

1,606 citations

Journal ArticleDOI
TL;DR: The main challenges to be dealt with for the wide scale deployment of anomaly-based intrusion detectors, with special emphasis on assessment issues are outlined.
Abstract: The Internet and computer networks are exposed to an increasing number of security threats. With new types of attacks appearing continually, developing flexible and adaptive security oriented approaches is a severe challenge. In this context, anomaly-based network intrusion detection techniques are a valuable technology to protect target systems and networks against malicious activities. However, despite the variety of such methods described in the literature in recent years, security tools incorporating anomaly detection functionalities are just starting to appear, and several important problems remain to be solved. This paper begins with a review of the most well-known anomaly-based intrusion detection techniques. Then, available platforms, systems under development and research projects in the area are presented. Finally, we outline the main challenges to be dealt with for the wide scale deployment of anomaly-based intrusion detectors, with special emphasis on assessment issues.

1,483 citations

Patent
29 Oct 2007
Abstract: A flow processing facility, which uses a set of artificial neurons for pattern recognition, such as a self-organizing map, in order to provide security and protection to a computer or computer system supports unified threat management based at least in part on patterns relevant to a variety of types of threats that relate to computer systems, including computer networks. Flow processing for switching, security, and other network applications, including a facility that processes a data flow to address patterns relevant to a variety of conditions are directed at internal network security, virtualization, and web connection security. A flow processing facility for inspecting payloads of network traffic packets detects security threats and intrusions across accessible layers of the IP-stack by applying content matching and behavioral anomaly detection techniques based on regular expression matching and self-organizing maps. Exposing threats and intrusions within packet payload at or near real-time rates enhances network security from both external and internal sources while ensuring security policy is rigorously applied to data and system resources. Intrusion Detection and Protection (IDP) is provided by a flow processing facility that processes a data flow to address patterns relevant to a variety of types of network and data integrity threats that relate to computer systems, including computer networks.

1,428 citations


Network Information
Related Topics (5)
Wireless sensor network

142K papers, 2.4M citations

92% related
Encryption

98.3K papers, 1.4M citations

92% related
Network packet

159.7K papers, 2.2M citations

90% related
Wireless network

122.5K papers, 2.1M citations

89% related
Wireless

133.4K papers, 1.9M citations

88% related
Performance
Metrics
No. of papers in the topic in previous years
YearPapers
202267
20211,873
20202,131
20191,971
20181,781
20171,552