
Showing papers on "Intrusion detection system published in 1988"


Proceedings ArticleDOI
12 Dec 1988
TL;DR: Haystack is a prototype system for the detection of intrusions in multiuser US Air Force computer systems that reduces voluminous system audit trails to short summaries of user behavior, anomalous events, and security incidents.
Abstract: Haystack is a prototype system for the detection of intrusions in multiuser US Air Force computer systems. Haystack reduces voluminous system audit trails to short summaries of user behavior, anomalous events, and security incidents. This is designed to help the system security officer detect and investigate intrusions, particularly by insiders (authorized users). Haystack's operation is based on behavioral constraints imposed by security policies and on models of typical behavior for user groups and individual users.

358 citations


Proceedings ArticleDOI
18 Apr 1988
TL;DR: The design and implementation of a prototype intrusion-detection expert system (IDES) are described, which adaptively learns the normal behavior of each user and detects and reports anomalous user behavior in real time.
Abstract: The design and implementation of a prototype intrusion-detection expert system (IDES) are described. IDES is based on the concept that an intrusion manifests itself as a departure from expected behavior for a user. The prototype monitors users on a remote system, using audit records that characterize their activities. It adaptively learns the normal behavior of each user and detects and reports anomalous user behavior in real time.

188 citations


Patent
09 Dec 1988
TL;DR: In this paper, the authors describe an emergency action system which is an integrated security control and communications system employed for relatively large and secure installations such as embassies, military buildings and so on.
Abstract: There is described an emergency action system which is an integrated security control and communications system employed for relatively large and secure installations such as embassies, military buildings and so on. The emergency action system apparatus consists of two major subdivisions. A first subdivision is a security and control subsystem which operates to monitor and control sensors and actuators associated with an intrusion detection system. The security and control subsystem handles event logging, generates alarm map displays and switches and distributes surveillance video. The second subdivision of the system is associated with user emergency action consoles which consoles provide the interface and handle voice and data communications to enable the user to interface with the existing communications system as located on the installation as well as with the intrusion detection system. The consoles include direct control circuits which provide for rapid fail safe actuation of various controls throughout the building such as doors and so on. The console contains various displays to enable the user to interface with both systems. This enables the user to control and monitor system operation from a single console which serves to integrate control of both the intrusion detection system as well as the communication system as existing on the premises.

184 citations


Proceedings ArticleDOI
11 Apr 1988
TL;DR: A knowledge-based prototype network intrusion detection expert system (NIDX) for the Unix System V environment that combines knowledge describing the target system, history profiles of users' past activities, and intrusion detection heuristics from a knowledge-based system capable of detecting specific violations that occur on the target system.
Abstract: A knowledge-based prototype network intrusion detection expert system (NIDX) for the Unix System V environment is described. NIDX combines knowledge describing the target system, history profiles of users' past activities, and intrusion detection heuristics from a knowledge-based system capable of detecting specific violations that occur on the target system. Intrusions are detected by classifying user activity from a real-time audit trail of Unix system calls and then, using system-specific knowledge and heuristics about typical intrusions and attack techniques, determining whether or not the activity is an intrusion. The authors describe the NIDX knowledge base, and Unix system audit trail mechanism and history profiles, and demonstrate the knowledge-based intrusion detection process.

80 citations


Patent
29 Sep 1988
TL;DR: In this paper, a dual sensing intrusion detection system includes a passive infrared radiation detection sensor that generates a first output signal in response to the detection of an intruder in the volume of space.
Abstract: A dual sensing intrusion detection system includes a passive infrared radiation detection sensor that generates a first output signal in response to the detection of an intruder in the volume of space. A second detection sensor is directed to the same volume of space and generates a second output signal in response to detection of the intruder. A switch activates the second detection sensor in response to the detection of the intruder by the infrared radiation detector. Logic circuit receives the first and second output signals and produces an alarm signal in response thereto to indicate the detection of the presence of the intruder in the volume of space.

70 citations


Patent
15 Apr 1988
TL;DR: In this article, an intrusion detection system employs a microwave subsystem and a passive infra-red subsystem, both of which must produce an output signal indicative of an intrusion in order for the system to produce an alarm.
Abstract: An intrusion detection system employs a microwave subsystem and a passive infra-red subsystem. Both systems must produce an output signal indicative of an intrusion in order for the system to produce an alarm. There is disclosed a supervision circuit which monitors the number of trips of the microwave system as well as the number of trips of the PIR system. If the number of trips which are indicative of false alarms exceeds preset counts then an alarm is produced indicating that there is a failure in the microwave or the PIR system. The system further monitors the microwave system to determine whether the transmit and receiving diodes are functioning properly. The system will also indicate a fault if an intruder or an object is placed within a predetermined protection dome implemented by the system. Hence the system can produce multiple faults indicative of subsystem failures to notify the user of the system that such a failure has occurred.

44 citations


Patent
29 Jul 1988
TL;DR: In this paper, an intrusion detection system for secure fiber-optic communication systems is described, where a guard signal is transmitted over the optical fiber communication link and both the modal power and modal phase delay of this signal are monitored.
Abstract: Methods and apparatus are disclosed for an intrusion detection system for secure fiber optic communication systems. A guard signal is transmitted over the optical fiber communication link and both the modal power and modal phase delay of this signal are monitored. Intrusions into the link for the purpose of intercepting information being transmitted, cause changes in the modal phase delay and power of the guard signal. These changes, when detected by the monitoring system, indicate the presence of an intruder. A fiber profile which is optimal for both transmission and intrusion detection purposes is described.

30 citations



Patent
29 Nov 1988
TL;DR: A threadably installable intrusion detection unit has a generally cylindrical housing with an exterior threaded surface and an end portion formed to receive a screw driver; an operative intrusion detection element, such as a magnetic or a reed switch, is contained within the hollow interior of the housing.
Abstract: A threadably installable intrusion detection unit. The unit has a generally cylindrical housing with an exterior threaded surface and an end portion formed to receive a screw driver. An operative intrusion detection element, such as a magnetic or a reed switch, is contained within the hollow interior of the housing.

12 citations


Patent
16 Jun 1988
TL;DR: In this paper, an intrusion detection optical communication system modifies the original data signal to include a synchronizing periodic waveform, and the receiver generates an inverted synchronizing waveform signal corresponding with the transmitted signal to null the same under normal operation.
Abstract: An intrusion detection optical communication system modifies the original data signal to include a synchronizing periodic waveform. The receiver generates an inverted synchronizing periodic waveform signal corresponding with the transmitted signal to null the same under normal operation. When an intrusion in the optical system arises, power is extracted from the system and the nulled condition is disrupted. The disruption is detected and activates an alarm circuit when the disruption is above a threshold value.

9 citations


Journal ArticleDOI
TL;DR: An autonomous robot that provides security in a room in conjunction with a control station, even a computer or automated-space one.

Proceedings ArticleDOI
05 Oct 1988
TL;DR: This study was motivated by a need to simplify the operation of an existing multisensor perimeter intrusion-detection system, and by a step upward in processing power and storage capacity of small personal computers.
Abstract: This study was motivated by a need to simplify the operation of an existing multisensor perimeter intrusion-detection system, and by a step upward in processing power and storage capacity of small personal computers. The feasibility of centralizing and automating the processing was studied, and telemetry options were examined. While research is still needed to develop key algorithms, bandwidths and data rates have been checked for two processing structures and for perimeters in excess of 10 km and found to be easily within the capability of a centralized 386/1167 processing system.

Book ChapterDOI
01 Jan 1988
TL;DR: The Denning Sentry I is an autonomous mobile robot configured for use as an electronic security system that can provide comprehensive volume protection of an office building, warehouse, or factory at a lower installation cost than for a fixed intrusion detection system.
Abstract: The Denning Sentry I is an autonomous mobile robot configured for use as an electronic security system. A mobile security robot can provide comprehensive volume protection of an office building, warehouse, or factory at a lower installation cost than for a fixed intrusion detection system. The security robot’s sensor inputs can be correlated to provide a higher probability of detection than uncorrelated sensors generally employed by fixed systems. The security robot’s patrol routes can be modified as customers’ facilities change, without requiring extensive rewiring. Finally, additional sensors can be easily added for detecting fire, smoke, or toxic gases.