Showing papers on "Intrusion detection system published in 1990"


Proceedings Article
07 May 1990
TL;DR: Initial results demonstrate that many network attacks are detectable with the authors' monitor, although it can be defeated.
Abstract: This study concentrates on the security-related issues in a single broadcast LAN (local area network) such as Ethernet. The authors formalize various possible network attacks. Their basic strategy is to develop profiles of usage of network resources and then compare current usage patterns with the historical profile to determine possible security violations. Thus, the work is similar to the host-based intrusion-detection systems. Different from such systems, however, is the use of a hierarchical model to refine the focus of the intrusion-detection mechanism. The authors also report on the development of an experimental LAN monitor currently under implementation. Several network attacks have been simulated, and results on how the monitor has been able to detect these attacks are analyzed. Initial results demonstrate that many network attacks are detectable with the authors' monitor, although it can be defeated.

455 citations


Report
15 Aug 1990
TL;DR: This paper presents the preliminary architecture of a network level intrusion detection system that will monitor base level information in network packets, learning the normal patterns and announcing anomalies as they occur.
Abstract: This paper presents the preliminary architecture of a network level intrusion detection system. The proposed system will monitor base level information in network packets (source, destination, packet size, and time), learning the normal patterns and announcing anomalies as they occur. The goal of this research is to determine the applicability of current intrusion detection technology to the detection of network level intrusions. In particular, the authors are investigating the possibility of using this technology to detect and react to worm programs.

389 citations


Proceedings Article
10 Oct 1990
TL;DR: The further development of a previously reported knowledge-based vision recognition system for automating the interpretation of alarm events resulting from a perimeter intrusion detection system (PIDS) is reported.
Abstract: In a previous paper T.J. Ellis et al. (1989) described the development of a knowledge-based vision recognition system for automating the interpretation of alarm events resulting from a perimeter intrusion detection system (PIDS). Measurements extracted over a sequence of digitized images are analyzed to identify the cause of alarm. Models are maintained for both alarm causes and the scene and the measurements are matched with the models to derive an appropriate classification of the event. The authors record progress on the further development of the system and present the results of applying it to a number of real alarms. The system is shown to behave robustly, correctly classifying genuine alarm events (i.e., human intruders) and providing statistics of false alarm events.

58 citations


Patent
10 Jul 1990
TL;DR: In this article, a signal responsive to infrared radiation received from optically divided zones of an area to be monitored is integrated to produce an integral sum, which is used to generate an alarm indication.
Abstract: In a passive infrared intrusion detection system, a signal responsive to infrared radiation received from optically divided zones of an area to be monitored is integrated to produce an integral sum. The integral sum is used to generate an alarm indication. The alarm indication is thereby responsive to the energy of the signal responsive to the infrared radiation received, thus improving sensitivity of the detection system without increasing susceptibility of generating a false alarm.

31 citations


Proceedings Article
03 Dec 1990
TL;DR: The authors have performed a survey of the state-of-the-art in intrusion detection systems.
Abstract: All computer systems are vulnerable to abuse and penetration by both legitimate users who abuse their authority and individuals who are not authorized to use the computer system. Many systems are under development to aid in the detection of these abuses. The capabilities of these 'intrusion detection systems' (IDS) are varied, ranging from tools that provide for the meaningful reduction of audit data to tools that provide in-depth analysis of user and system behavior. The authors have performed a survey of the state-of-the-art in intrusion detection systems. This paper presents a summary of this survey.

28 citations


Proceedings Article
03 Dec 1990
TL;DR: A real-time intrusion-detection expert system that observes user behavior on a monitored computer system and adaptively learns what is normal for individual users, groups, remote hosts, and the overall system behavior.
Abstract: Describes a real-time intrusion-detection expert system (IDES) that observes user behavior on a monitored computer system and adaptively learns what is normal for individual users, groups, remote hosts, and the overall system behavior. Observed behavior is flagged as a potential intrusion if it deviates significantly from the expected behavior or if it triggers a rule in the expert-system rule base.

25 citations


Patent
16 Oct 1990
TL;DR: In this article, a multi-sensor intrusion detection system having improved immunity to false alarm is disclosed, where the sensor being less susceptible to the generation of false alarm has its output signal processed and held.
Abstract: A multi-sensor intrusion detection system having improved immunity to false alarm is disclosed. The sensor being less susceptible to the generation of false alarm has its output signal processed and held. The held signal is supplied to a logic gate which receives directly the signal from the other sensor. The output of the logic gate generates an alarm signal.

19 citations


Proceedings Article
10 Oct 1990
TL;DR: MIDAS uses two passive infrared imaging sensors, one for intruder detection and one for assessment, which allows simultaneous detection, assessment, and tracking.
Abstract: A description is presented of MIDAS, the Mobile Intrusion Detection and Assessment System. MIDAS is a security system that can be quickly deployed to provide wide area coverage for a mobile asset. MIDAS uses two passive infrared imaging sensors, one for intruder detection and one for assessment. Detected targets are tracked while assessment cameras are directed to view the intruder location for operator observation and assessment. The dual sensor design allows simultaneous detection, assessment, and tracking. Control and status information is provided to an operator using a color graphics terminal, touch panel driven menus, and a joystick for control of the assessment sensor pan and tilt.

15 citations


Journal Article
TL;DR: A description is given of an unmanned intrusion detection system for power stations or substations that detects trespassers in real time, both indoors and outdoors, and is based on image processing.
Abstract: A description is given of an unmanned intrusion detection system for power stations or substations that detects trespassers in real time, both indoors and outdoors, and is based on image processing. The main part of the system consists of a video camera, an image processor, and a microprocessor. Images are input from the video camera to the image processor every 1/60 s, and objects that enter the field of the image are detected by measuring the changes of the intensity level in selected sensor areas. The shapes and locations of active sensor areas can be determined based on detection application, using techniques tailored to the application. Noise removal filters prevent spurious detections. High detection sensitivity is guaranteed under any environmental condition. The system configuration and the detection method are described. Experimental results under a range of environmental conditions are given.

13 citations


Patent
26 Sep 1990
TL;DR: In this paper, an intrusion detection system employing multiple bistatic microwave links and wireless means for remotely interrogating each link to provide alarm and status information at a central station is presented.
Abstract: An intrusion detection system employing multiple bistatic microwave links and wireless means for remotely interrogating each link to provide alarm and status information at a central station. The central station includes a microprocessor for remotely adjusting the operating parameters of the microwave transmitters and receivers forming said links to increase the probability of intrusion detection and reduce the probability of false alarms.

12 citations


Proceedings Article
N.D.E. Custance, G.J. Leach
10 Oct 1990
TL;DR: Novel design features aimed at enhancing the overall performance of the imaging system with cost saving implications are presented.
Abstract: Considerable advances in image storage techniques are now making possible systems for the capture of image sequences showing the scene before, at, and after the time at which a PIDS (perimeter intrusion detection system) is triggered. Novel design features aimed at enhancing the overall performance of the imaging system with cost saving implications are presented.

Journal Article
TL;DR: Sandia National Laboratories (SNL) is developing several advanced systems that employ image-processing techniques for a broader set of safeguards and security applications that are described briefly.
Abstract: Physical security specialists have been attracted to the concept of video motion detection for several years. Claimed potential advantages included additional benefit from existing video surveillance systems, automatic detection, improved performance compared to human observers, and cost-effectiveness. In recent years, significant advances in image-processing dedicated hardware and image analysis algorithms and software have accelerated the successful application of video motion detection systems to a variety of physical security applications. Early video motion detectors (VMDs) were useful for interior applications of volumetric sensing. Success depended on having a relatively well-controlled environment. Attempts to use these systems outdoors frequently resulted in an unacceptable number of nuisance alarms. Currently, Sandia National Laboratories (SNL) is developing several advanced systems that employ image-processing techniques for a broader set of safeguards and security applications. The Target Cueing and Tracking System (TCATS), the Video Imaging System for Detection, Tracking, and Assessment (VISDTA), the Linear Infrared Scanning Array (LISA), the Mobile Intrusion Detection and Assessment System (MIDAS), and the Visual Artificially Intelligent Surveillance (VAIS) systems are described briefly.

Proceedings Article
05 Dec 1990
TL;DR: It is shown that as the operating conditions change (uniform vs. Gaussian distribution) the fusion rules change, thus showing the need for a decision fusion center in energy management systems.
Abstract: The authors evaluate the performance of an integrated decision support (IDS) system design for assessing power system security status. This design is based on sensor fusion techniques. The IDS system integrates the information from two different security criteria and gives the optimal decision which minimizes the risk of making a wrong decision. A simple two-bus power system is used to illustrate the IDS system and evaluate the 16 possible decision rules. It is shown that as the operating conditions change (uniform vs. Gaussian distribution) the fusion rules change, thus showing the need for a decision fusion center in energy management systems.

Proceedings Article
10 Oct 1990
TL;DR: While Sparton equipment is designed for detection in open areas, some sensors are quite suitable for internal detection as well, and using radio links these systems can protect much larger areas such as airfields or national borders.
Abstract: A description is presented of the application of Sparton sensors and systems to perimeter intrusion detection around high-security military and civilian facilities. The system is primarily concerned with protection of approach areas, and assumes that other equipment or systems will be used for detection and identification within the physical boundaries of the secured facility. While Sparton equipment is designed for detection in open areas, some sensors are quite suitable for internal detection as well. The system described is based on protection of a hypothetical power plant, and is chosen to illustrate how specific sensors can be used. Other facilities, such as military bases, precious or dangerous material storage areas, or national security buildings could utilize similar sensors. Using radio links, these systems can protect much larger areas such as airfields or national borders.

Report
01 Aug 1990
TL;DR: In this article, the evaluation of the Stellar Systems Inc. E-Field intrusion detection system Series 800 control unit and the 5000 Series hardware components is presented, along with functional descriptions, installation procedures, testing procedures, and testing/operational results.
Abstract: This report concerns the evaluation of the Stellar Systems Inc. E-Field intrusion detection system Series 800 control unit and the 5000 Series hardware components. Included are functional descriptions, installation procedures, testing procedures, and testing/operational results. 35 figs.

01 Jan 1990
TL;DR: The Network Anomaly Detection and Intrusion Reporter (NADIR) is an expert system intended to provide real-time security auditing for intrusion and misuse detection at Los Alamos National Laboratory's Integrated Computing Network.
Abstract: The Network Anomaly Detection and Intrusion Reporter (NADIR) is an expert system which is intended to provide real-time security auditing for intrusion and misuse detection at Los Alamos National Laboratory's Integrated Computing Network (ICN). It is based on three basic assumptions: that statistical analysis of computer system and user activities may be used to characterize normal system and user behavior, and that given the resulting statistical profiles, behavior which deviates beyond certain bounds can be detected; that expert system techniques can be applied to security auditing and intrusion detection; and that successful intrusion detection may take place while monitoring a limited set of network activities such as user authentication and access control, file movement and storage, and job scheduling. NADIR has been developed to employ these basic concepts while monitoring the audited activities of more than 8000 ICN users.

Proceedings Article
10 Oct 1990
TL;DR: Work concerned with identifying the areas to which application of IKBS (intelligent knowledge-based system) techniques could best benefit the UK's Home Branch and its customers is discussed.
Abstract: Work concerned with identifying the areas to which application of IKBS (intelligent knowledge-based system) techniques could best benefit the UK's Home Branch and its customers is discussed. Perimeter security was identified as one area in which both the use of rule induction techniques and the incorporation of local rules were likely to be of considerable benefit. An extensive collaborative program with industry was initiated. This work has led to the production of a bespoke hardware system, now the subject of extensive operational trials. The prototype operational study is described.