Showing papers on "Intrusion detection system published in 1993"


Patent
16 Nov 1993
TL;DR: In this paper, a two-way communication with a central monitoring station is described, where the control and communications unit is connected to a position determination device and to a calling unit.
Abstract: A security system having two-way communication with a central monitoring station. The security system is equipped with a computerized control and communications unit. The control and communications unit is connected to a position determination device and to a calling unit. The control and communications unit is also connected to several intrusion detection devices. Upon direction of the control and communications unit, for example, in response to the detection of a violation of an intrusion detection device, the calling unit establishes a communications link with the central monitoring station and communicates thereto the status and location of the vehicle in which the security system is located. The control and communication device is operable to receive commands from a handset electrically connected thereto. The central monitoring station, by communicating with the control and communications unit, is operable to control functional units of the vehicle. The central monitoring station includes a display on which maps showing the location of vehicles in communication with the monitoring station and information about such vehicles. An operator at the monitoring station may direct equipment in the monitoring station to initiate calls to law enforcement organizations and emergency response vehicles. Other systems and methods are disclosed.

458 citations


Journal ArticleDOI
Teresa F. Lunt1
TL;DR: The use of automated tools for detecting computer system intrusion is described, along with further technologies that may be of use for intrusion detection in the future.

423 citations


Proceedings ArticleDOI
24 May 1993
TL;DR: The author presents the design and implementation of a real-time intrusion detection tool, called USTAT, a state transition analysis tool for UNIX, which makes use of the audit trails that are collected by the C2 basic security module of SunOS, and it keeps track of only those critical actions that must occur for the successful completion of the penetration.
Abstract: The author presents the design and implementation of a real-time intrusion detection tool, called USTAT, a state transition analysis tool for UNIX. This is a UNIX-specific implementation of a generic design developed by A. Porras and R.A. Kemmerer (1992) as STAT, a state transition analysis tool. State transition analysis is a new approach to representing computer penetrations. In STAT, a penetration is identified as a sequence of state changes that take the computer system from some initial state to a target compromised state. The development of the first USTAT prototype, which is for SunOS 4.1.1, is discussed. USTAT makes use of the audit trails that are collected by the C2 basic security module of SunOS, and it keeps track of only those critical actions that must occur for the successful completion of the penetration. This approach differs from other rule-based penetration identification tools that pattern match sequences of audit records.

306 citations


Journal ArticleDOI
TL;DR: Analysis by NADIR of two types of ICN activity: user authentication and access control, and mass file storage is described, which highlights system design issues of data handling, exploiting existing auditing systems, and performing audit analysis at the network level.

181 citations


29 Nov 1993
TL;DR: A new approach to representing computer penetrations is proposed and the resulting rule-base is not only more intuitive to read and update than current penetration rule-bases, but also provides greater functionality to detect impending compromises.
Abstract: This thesis proposes a new approach to representing computer penetrations and applies the approach to the development of a real-time intrusion detection tool. The approach, referred to as penetration state transition analysis, views a penetration as a sequence of state changes that lead a computer system from an initial prerequisite state to a target compromised state. State transitions are defined in terms of critical actions and assertions that describe the pre- and post-action states of the system. A state transition diagram, which is the graphical representation of state transition analysis, identifies precisely the requirements and compromise of a penetration and lists only those critical events that must occur for the successful completion of the penetration. The State Transition Analysis Tool (STAT) is an advanced rule-based expert system that analyzes the audit trails of multi-user computer systems in search of impending security violations. STAT represents state transition diagrams within its rule-base and uses them to seek out those state transitions within the target system that correspond to known penetration scenarios. Unlike comparable analysis tools that pattern match sequences of audit records to the expected audit trails of known penetrations, STAT rules focus on the effects that the individual steps of a penetration have on the state of the computer system. The resulting rule-base is not only more intuitive to read and update than current penetration rule-bases, but also provides greater functionality to detect impending compromises.

88 citations


01 Jan 1993
TL;DR: T.R. Jagannathan, Teresa Lunt, Computer Science Laboratory, Debra Anderson, Computer science Laboratory, and Caveh Jalali are working on a new version of the TSP called TSP “TSP2,” which aims to combine TSP’s and 3D image recognition.
Abstract: R. Jagannathan, Computer Science Laboratory Teresa Lunt, Computer Science Laboratory Debra Anderson, Computer Science Laboratory Chris Dodd, Computer Science Laboratory Fred Gilham, Computer Science Laboratory Caveh Jalali, Computer Science Laboratory Hal Javitz, Statistics Program Peter Neumann, Computer Science Laboratory Ann Tamaru, Computer Science Laboratory Alfonso Valdes, Applied Electromagnetics and Optics Laboratory

78 citations


Patent
19 May 1993
TL;DR: In this article, an intrusion detection system based on energy projection is presented. But it does not require a physical presence such as air hoses, switches or inductive devices across the immediate span being monitored.
Abstract: A system for detecting the presence and passage of vehicle, pedestrian, or other intrusion and/or traffic within one or more monitored areas. The system detects intrusions of nontransparent objects which interrupt energy projections, records and stores data on certain characteristics of the intrusion(s), and transmits such data to a base station through a communication link. System estimates approximate size, speed and directional characteristics of intruding object(s) with an "expert system". Selected environmental data may be detected and transmitted along with intrusion data. Provision for photographing intruding objects is included. The base station provides user interfaces, processes intrusion data, reports activity, summarizes traffic data, prints reports and stores such data for future retrieval. The intrusion detection system is based on energy projection, and does not require a physical presence such as air hoses, switches or inductive devices across the immediate span being monitored. Devices may be portable, easy to set up and useful for concealed monitoring applications.

75 citations


Proceedings Article
04 Oct 1993
TL;DR: Texas A&M "tiger," a set of easy to use yet thorough machine checking programs; and "netlog," a set of intrusion detection network monitoring programs.
Abstract: Texas A&M "tiger," a set of easy to use yet thorough machine checking programs; and "netlog," a set of intrusion detection network monitoring programs.

62 citations


Proceedings ArticleDOI
01 Dec 1993
TL;DR: The highest-priority objectives are to observe ways by which an individual moves around in a network of computers, including changing user names to possibly hide his/her true identity, and to associate all activities of multiple instances of the same individual to the same networkwide user.
Abstract: Computer and network systems are vulnerable to attacks. Abandoning the existing huge infrastructure of possibly-insecure computer and network systems is impossible, and replacing them by totally secure systems may not be feasible or cost effective. A common element in many attacks is that a single user will often attempt to intrude upon multiple resources throughout a network. Detecting the attack can become significantly easier by compiling and integrating evidence of such intrusion attempts across the network rather than attempting to assess the situation from the vantage point of only a single host. To solve this problem, we suggest an approach for distributed recognition and accountability (DRA), which consists of algorithms which “process”, at a central location, distributed and asynchronous “reports” generated by computers (or a subset thereof) throughout the network. Our highest-priority objectives are to observe ways by which an individual moves around in a network of computers, including changing user names to possibly hide his/her true identity, and to associate all activities of multiple instances of the same individual to the same networkwide user. We present the DRA algorithm and a sketch of its proof under an initial set of simplifying albeit realistic assumptions. Later, we relax these assumptions to accommodate pragmatic aspects such as missing or delayed “reports”, clock skew, tampered “reports”, etc. We believe that such algorithms will have widespread applications in the future, particularly in intrusion-detection systems.

51 citations


Patent
Adrian Madau1
20 Dec 1993
TL;DR: In this article, sound, vibration and motion are sensed within a motor vehicle to detect glass breakage and unauthorized intrusion into the interior or passenger compartment of the vehicle to provide reliable recurring entry detection.
Abstract: Sound, vibration and motion are sensed within a motor vehicle to detect glass breakage and unauthorized intrusion into the interior or passenger compartment of the vehicle. Sound and vibration sensing are used to detect glass breakage with motion detection by means of radar or microwaves being utilized for intrusion detection to provide reliable recurring entry detection. The system may be operated to activate the motion sensing only after glass breakage is detected to permit persons and pets to occupy a motor vehicle having a security sensor system which is fully armed. Numerical values are assigned to specific physical sounds and vibrations with the resulting totals being compared to a threshold to determine whether glass breakage has occurred.

46 citations


Patent
01 Feb 1993
TL;DR: In this paper, the authors detect intrusion into an automotive vehicle interior by passing an airborne acoustic signal through a portion of the vehicle interior when the vehicle security system is active, and by measuring any change in phase in the signal as it passes through the vehicle.
Abstract: Intrusion into an automotive vehicle interior is detected by passing an airborne acoustic signal through a portion of the vehicle interior when the vehicle security system is active, and by measuring any change in phase in the signal as it passes through the vehicle. The phase of a first frequency component in the signal is sensitive to intrusion into the vehicle, and the phase of a second frequency component is sensitive to false alarm conditions, but is not sensitive to intrusion.

Patent
08 Jan 1993
TL;DR: In this paper, an intrusion detection system which can certainly and correctly detect the presence/absence of invasion and which can detect intrusion without regard to the situation of the installation zone of the system is presented.
Abstract: PURPOSE: To supply an intrusion detection system which can certainly and correctly detect the presence/absence of invasion and which can detect intrusion without regard to the situation of the installation zone of the system. CONSTITUTION: Antennas 11 are installed on the surface of the ground which needs security. The respective antennas 11 share transmitting and receiving. A center equipment 12 and the respective antennas 11 are connected with a transmitting line 13. A switch can switch the output signal of a transmitter with time division in the center equipment 12. Respective receivers detect signals transmitted by the antennas 11 and a computer detects the amplitude changing quantity A and the phase changing quantity phi of the respective signals. A judging equipment judges the presence/absence of an intruder 18 into the antenna installation area based on the respective changing quantities.

Patent
27 Jul 1993
TL;DR: In this article, a dual sensor intrusion detection system which utilizes adaptive sensor detection techniques to reduce false alarms is presented, which includes increasing the stability of one sensor after the other sensor continuously detects motion without confirmation by the first sensor.
Abstract: The present invention relates to a dual sensor intrusion detection system which utilizes adaptive sensor detection techniques to reduce false alarms. The adaptive sensor detection techniques include increasing the stability of one sensor after the other sensor continuously detects motion without confirmation by the first sensor.

Proceedings ArticleDOI
13 Oct 1993
TL;DR: The author discussed a group of recent system level advancements in electronic security systems technology in the areas of sensor signal processing, remote site command, control and communications, and long-life battery operation.
Abstract: The author discussed a group of recent system level advancements in electronic security systems technology in the areas of sensor signal processing, remote site command, control and communications, and long-life battery operation. The technology for the advancements presented here has been designed, constructed, tested, and incorporated into operational security systems. Actual system architectures and practical embodiments of the designs are presented. The primary applications for these systems are the protection of high value facilities in remote locations and for law enforcement and military operations.

Book ChapterDOI
01 Jan 1993
TL;DR: A new software architecture for intrusion detection is presented which makes use of a combination of data analysis and classification technologies including: artificial neural network, unconstrained optimization, noise reduction, clusters recognition and high-dimensional data visualization.
Abstract: Intrusion detection aims to detect security violations from abnormal patterns of system usage. It is required that user activities be monitored by the system and that monitoring information be analysed to recognize behavior patterns of users. While basic monitoring capability is supported by most computer systems, analysis of monitoring data remains a problem of active research in system security. This paper presents a new software architecture for intrusion detection which makes use of a combination of data analysis and classification technologies including: artificial neural network, unconstrained optimization, noise reduction, clusters recognition and high-dimensional data visualization. By carefully combining different data processing techniques, our scheme makes full use of their respective merits to solve the intrusion detection problem.