
Showing papers on "Intrusion detection system published in 1991"


Patent
10 Jul 1991
TL;DR: In this paper, a self-correcting infrared intrusion detection system for elevator doors is presented, where multiple through-beams are monitored by software that differentiates between intrusions and malfunctions and adjusts itself automatically when hardware partially fails.
Abstract: A self correcting infrared intrusion detection system primarily for elevator doors establishes multiple through-beams to intelligently detect passengers and adjust for environmental changes. Beam patterns are monitored by software that differentiates between intrusions and malfunctions and adjusts itself automatically when hardware partially fails in the absence of an intrusion. The system automatically chooses and executes two different door-width sensing routines. A plurality of spaced apart transmitter stations mounted vertically apart in one door faces a plurality of spaced apart receiver stations mounted in the other door. Each transmitter station periodically radiates modulated light towards the receivers in the opposite door. A main control circuit monitors all receivers, controls all the transmitters, and executes the software. The presence or absence of a Shepherd beam established diagonally between the doors determines whether the system executes a "long beam" pattern when the doors are far apart or a "short beam" pattern when the doors are closer together. Gate networks can be jumpered to variably configure the transmitters and receivers. The software adjusts for broken parts or semi-permanently interrupted beams by automatically marking out inoperative pathways, thus enabling the system to continue functioning with alternative beam sequences evolved on the job. Marked-out beams are periodically re-established by the software. Diagnostic indicators monitor blocked beams to warn service personnel.

84 citations


Proceedings Article
01 Jan 1991
TL;DR: The proposed architecture consists of a central manager, placed at a single secure location, that receives reports from various host and LAN managers and processes these reports, correlates them, and detects intrusions.
Abstract: The network intrusion-detection concept is extended from the LAN (local area network) environment to arbitrarily wider areas, with the network topology being arbitrary as well. The generalized distributed environment is heterogeneous, i.e. the network nodes can be hosts or servers from different vendors, or some of them could be LAN managers. The proposed architecture for this distributed intrusion-detection system consists of the following components: a host manager (namely a monitoring process or collection of processes running in background) in each host; a LAN manager for monitoring each LAN in the system; and a central manager, placed at a single secure location, that receives reports from various host and LAN managers and processes these reports, correlates them, and detects intrusions.

77 citations


Patent
18 Apr 1991
TL;DR: In this paper, a system for detecting intrusion into a secured environment using both fixed and mobile intrusion detectors includes a multiplicity of fixed intrusion detection sensors, each deployed at specific, fixed locations within the environment.
Abstract: A system for detecting intrusion into a secured environment using both fixed and mobile intrusion detectors includes a multiplicity of fixed intrusion detection sensors, each deployed at specific, fixed locations within the environment. The mobile sensors are mounted on one or more mobile platforms which selectively patrol throughout the environment and may be rapidly deployed to any region in the environment where a fixed intrusion detector detects a possible intrusion. A computer receives the outputs of the fixed and mobile sensors and is communicatively coupled to the mobile platforms. The computer directs the mobile platforms to travel through the environment along paths calculated by the computer, calculates a sum of weighting factors associated with the output of each sensor, and fuses the sensor outputs so that the sum is uninfluenced by the traveling of the mobile platforms. The sum is compared to a reference whereby an output is provided when the sum exceeds the reference. An alarm system operably coupled to the computer provides an intrusion alert when the output received exceeds the reference.

77 citations


01 Jan 1991
TL;DR: The paper describes the design of a prototype intrusion detection system for the Los Alamos National Laboratory's Integrated Computing Network (ICN), which tries to address the intrusion detection problem on a network, as opposed to a single operating system.
Abstract: The paper describes the design of a prototype intrusion detection system for the Los Alamos National Laboratory's Integrated Computing Network (ICN). The Network Anomaly Detection and Intrusion Reporter (NADIR) differs in one respect from most intrusion detection systems. It tries to address the intrusion detection problem on a network, as opposed to a single operating system. NADIR design intent was to copy and improve the audit record review activities normally done by security auditors. We wished to replace the manual review of audit logs with a near realtime expert system. NADIR compares network activity, as summarized in user profiles, against expert rules that define network security policy, improper or suspicious network activities, and normal network and user activity. When it detects deviant (anomalous) behavior, NADIR alerts operators in near realtime, and provides tools to aid in the investigation of the anomalous event. 15 refs., 2 figs.

75 citations


Patent
02 May 1991
TL;DR: In this article, a supervisory circuit for use with an audio intrusion detection system is disclosed, in which the supervisory circuit periodically generates an audio test signal that is supplied to a sounder, which emits an audio test sound.
Abstract: A supervisory circuit for use with an audio intrusion detection system is disclosed. The supervisory circuit periodically generates an audio test signal which is supplied to a sounder which emits an audio test sound. The audio test sound is directed into a volume of space, the same volume of space in which the audio intrusion detection system is directed to detect. The audio intrusion detection system detects the test sound and generates an audio test signal in response thereto. During the generation of the audio test sound, the comparing apparatus of the audio intrusion detection system is disabled. The audio test signal generated by the audio intrusion detection system is then compared to a test threshold signal. A test result signal is generated in response to the comparison, with the test result signal indicative of the operability of the audio intrusion detection system.

70 citations


Proceedings Article
20 May 1991
TL;DR: The authors justify the need for, and present, a pattern-oriented intrusion-detection model that can be used to analyze object privilege and data flows in secure computer systems to detect operational security problems.
Abstract: Operational security problems can lead to intrusion in secure computer systems. The authors justify the need for, and present, a pattern-oriented intrusion-detection model that can be used to analyze object privilege and data flows in secure computer systems to detect operational security problems. This model can address context-dependent intrusion, such as use of covert-storage channels and virus propagation, and has been used to build an intrusion detection system for Trusted XENIX. Pattern-oriented intrusion detection is expected to complement, not replace, current statistical approaches to intrusion detection.

63 citations


Patent
28 Jun 1991
TL;DR: In this paper, an intrusion detection apparatus for detecting the presence of an intruder in a forbidden space comprises a sensor, an illumination system, a sound system and a still camera, and the sound system masks the operation of the camera so that the intruder is unaware that a picture has been taken.
Abstract: An intrusion detection apparatus for detecting the presence of an intruder in a forbidden space comprises a sensor, an illumination system, a sound system and a still camera. When the sensor detects the presence of an intruder, it switches on the illumination system and the sound system (e.g. a buzzer or an alarm), and activates the still camera to take a picture of the illuminated intruder. The sound system masks the operation of the camera so that the intruder is unaware that a picture has been taken.

60 citations


Book Chapter
01 Sep 1991
TL;DR: A knowledge-based vision system for automating the interpretation of alarm events resulting from a perimeter intrusion detection system (PIDS).
Abstract: This paper describes a knowledge-based vision system for automating the interpretation of alarm events resulting from a perimeter intrusion detection system (PIDS). Moving blobs extracted over a sequence of digitised images are analysed to identify the cause of alarm. Alarm causes are modelled by a network of frames, and models are maintained for the scene. Due to poor spatial resolution, non-visual contextual information is required to supplement the image data. Probabilities are combined and propagated through the network by Subjective Bayesian Updating.

27 citations


Patent
29 Oct 1991
TL;DR: In this paper, the authors present an intrusion detection system having two different types of motion sensors and processing of the signals produced by the motion sensors in a manner to provide a reliable indication of motion within the space being sensed.
Abstract: The present invention is directed to an intrusion detection system having two different types of motion sensors and processing of the signals produced by the motion sensors in a manner to provide a reliable indication of motion within the space being sensed. The intrusion detection system includes a microprocessor and produces an alarm signal if each sensor is activated within a predetermined time period of each other. The unit is also capable of producing what is referred to as a "trouble" signal, based upon a certain number of unconfirmed event signals, i.e. a signal from only one sensor being received, within a predetermined time, indicating that one of the sensors is not operating properly. Once a certain number of unconfirmed event signals are received, the unit operates in one of at least two different default modes whereby a trouble signal or trouble signal and alarm signal are produced by means of a different logic processing step. The invention is also directed to an intrusion detection system having dual sensors where the user can automatically reset the unit should the system have gone into default mode operation. This is particularly useful in that it reduces service on the units and also provides an easy, convenient manner for the user to restore the device to normal operation when required.

20 citations


01 Jan 1991
TL;DR: The Network Anomaly Detection and Intrusion Reporter (NADIR) design intent was to duplicate and improve the audit record review activities which had previously been undertaken by security personnel, to replace the manual review of audit logs with a near realtime expert system.
Abstract: This paper describes the design and development of a prototype intrusion detection system for the Los Alamos National Laboratory's Integrated Computing Network (ICN). The development of this system is based on three basic assumptions: (1) that statistical analysis of computer system and user activities may be used to characterize normal system and user behavior, and that given the resulting statistical profiles, behavior which deviates beyond certain bounds can be detected, (2) that expert system techniques can be applied to security auditing and intrusion detection, and (3) that successful intrusion detection may take place while monitoring a limited set of network activities. The Network Anomaly Detection and Intrusion Reporter (NADIR) design intent was to duplicate and improve the audit record review activities which had previously been undertaken by security personnel, to replace the manual review of audit logs with a near realtime expert system.

12 citations


Proceedings Article
02 Dec 1991
TL;DR: Issues present when auditing in a networked environment are explored and some recommendations for further research, development, standards and policy-making initiatives are provided.
Abstract: Auditing can be used to detect abuse or intrusion into a computer system in some cases, or, if the abuse or intrusion is discovered by other means, the audit can be used after the fact to help determine the amount of damage that has occurred on the system. The deterrent presented by the audit trail is also important. In the past, audit trails have usually been oriented to standalone processors. The paper explores issues present when auditing in a networked environment. The issues are grouped according to: collection and storage, integration, protection and analysis. Some recommendations for further research, development, standards and policy-making initiatives are provided.

Patent
05 Dec 1991
TL;DR: In this article, an intelligent hub unit maintains a list of codes identifying those stations and units connected locally to its ports; the source identifier code recovered from a received message is compared with the entry in the stored list of codes corresponding to the port at which the message was received.
Abstract: Intrusion detection is afforded for local area networks by including one or more intelligent hub units connected to the stations in the network. The intelligent hub unit maintains a list of codes identifying those stations and units connected locally to ports of the intelligent hub unit. When a station initiates a message on the network, a source identifier code unique to the sending station is incorporated in the message as specified by the standard access protocol. At the intelligent hub unit, the source identifier code is recovered from the received message and the port at which the message was received is identified. The received source identifier code is compared with the particular entry in the stored list of codes corresponding to the identified port. If the comparisons fail to generate a matching condition between the source identifier and the particular entry in the list of codes, then the intelligent hub unit generates an alarm indicative of an intrusion on the network.

Proceedings Article
13 Oct 1991
TL;DR: The authors show how the divide and conquer paradigm can help lower the constant factor of 3.62 when N is composite (i.e., N=dN'), and present the effect of preprocessing for a set of values of d.
Abstract: M.C. Loui et al. (1986) presented a distributed leader election algorithm in a complete network with a sense of direction which requires less than 3.62N where N is the number of processors in the network. The authors show how the divide and conquer paradigm (i.e., preprocessing and postprocessing) can help lower the constant factor of 3.62 when N is composite (i.e., N=dN'). They present the effect of preprocessing for a set of values of d.

Report
01 Oct 1991
TL;DR: Information necessary for implementation of an effective interior intrusion detection system is presented, including principles of operation, performance characteristics and guidelines for design, procurement, installation, testing, and maintenance.
Abstract: The purpose of this NUREG is to present technical information that should be useful to NRC licensees in designing interior intrusion detection systems. Interior intrusion sensors are discussed according to their primary application: boundary-penetration detection, volumetric detection, and point protection. Information necessary for implementation of an effective interior intrusion detection system is presented, including principles of operation, performance characteristics and guidelines for design, procurement, installation, testing, and maintenance. A glossary of sensor data terms is included. 36 figs., 6 tabs.

Proceedings Article
01 Oct 1991
TL;DR: Current developments and trends for improving detection techniques in order to overcome the problems of deceptive alarms are discussed and the issues of reliability and product costs are addressed.
Abstract: Based on examples of fire and intrusion detection systems, the author discusses current developments and trends for improving detection techniques in order to overcome the problems of deceptive alarms. Trends in the direction of improved aesthetics of danger detection systems, particularly the miniaturization of detectors and wireless transmission, are also covered. Finally, the issues of reliability and product costs are addressed. Together, these topics represent the main directions towards an optimum danger detection system.

Patent
14 Mar 1991
TL;DR: In this paper, an intrusion sensor consists of a microphonic cable and signal processing circuitry for monitoring the output of the cable to signal an attempted intrusion, and the signal processing circuit comprises a number of parallel signal processing channels each adapted to respond to characteristics of the output, indicative of the type of mechanical stimulation.
Abstract: An intrusion sensor apparatus comprises a microphonic cable and signal processing circuitry for monitoring the output of the cable to signal an attempted intrusion. The signal processing circuit comprises a number of parallel signal processing channels each adapted to respond to characteristics of the output of the cable indicative of the type of mechanical stimulation of the cable which correlates with the type of intrusion. The characteristics to which the channels respond are the time dependent behaviour of parts of the frequency spectrum of the cable output.

Proceedings Article
S. Jaggi
07 Apr 1991
TL;DR: A PC-based near-real-time implementation of the two-channel maximum-likelihood classifier for the Space Shuttle ice detection system is described and a menu-driven image processing system was developed to implement the classification process.
Abstract: A PC-based near-real-time implementation of the two-channel maximum-likelihood classifier for the Space Shuttle ice detection system is described. A menu-driven image processing system was developed to implement the classification process. Attention is given to the system history, requirements, and testing, as well as to system implementation, spectral signatures from imagery data, and image processing hardware and software.

Report
15 May 1991
TL;DR: The goal of this research is to determine the applicability of current intrusion detection technology to the detection of network level intrusions and the possibility of using this technology to detect and react to worm programs.
Abstract: This paper presents the implementation of a prototype network level intrusion detection system. The prototype system monitors base level information in network packets (source, destination, packet size, time, and network protocol), learning the normal patterns and announcing anomalies as they occur. The goal of this research is to determine the applicability of current intrusion detection technology to the detection of network level intrusions. In particular, the authors are investigating the possibility of using this technology to detect and react to worm programs.

11 Oct 1991
TL;DR: This paper concentrates on attack signature analysis in general, and on a preliminary version of the signature analysis module of the distributed intrusion detection system (DIDS) in particular, where a number of attack scenarios and their corresponding signatures are outlined, and mechanisms to detect the signatures are discussed.
Abstract: Intrusion detection has generally been based on defining normal user behavior through profiles and rule-based systems and on identifying significant deviations from such behavior as anomalous. An alternative, or a supplementary, strategy for detecting intrusions is based on attack signature analysis, whose objective is to define and recognize events or sequences of events as attack-type behavior. Such event sequences, which may constitute part of a larger attack, may be employed to exploit certain system flaws or known vulnerabilities. This paper concentrates on attack signature analysis in general, and on a preliminary version of the signature analysis module of the distributed intrusion detection system (DIDS) in particular. A signature representation is developed, a number of attack scenarios and their corresponding signatures are outlined, and mechanisms to detect the signatures are discussed.

Proceedings Article
01 Oct 1991
TL;DR: This approach revitalizes the conventional simple high-voltage barrier and upgrades it into an intelligent intrusion detection system that avoids many false alarms by detecting logically unreasonable data and analyzing weather-related disturbances.
Abstract: Presents a nonlethal high-voltage intelligent intrusion detection sensor for perimeter alarm systems. The sensor looks like a conventional high-voltage electric net barrier. It is a kind of outdoor detection system, and functions not only as a fearsome obstacle but also as an intrusion detector. The alarm detection algorithm, which classifies the sensor readings into three levels (alarm, uncertain, and secure), avoids many false alarms by detecting logically unreasonable data and analyzing weather-related disturbances. By this algorithm, the system makes a significant improvement in reducing the false alarm rate. This approach revitalizes the conventional simple high-voltage barrier and upgrades it into an intelligent intrusion detection system.