DocumentCode
1635744
Title
NIDX-an expert system for real-time network intrusion detection
Author
Bauer, David S. ; Koblentz, Michael E.
Author_Institution
Bell Commun. Res. Inc., Piscataway, NJ, USA
fYear
1988
Firstpage
98
Lastpage
106
Abstract
A knowledge-based prototype network intrusion detection expert system (NIDX) for the Unix System V environment is described. NIDX combines knowledge describing the target system, history profiles of users' past activities, and intrusion detection heuristics from a knowledge-based system capable of detecting specific violations that occur on the target system. Intrusions are detected by classifying user activity from a real-time audit trail of Unix system calls and then, using system-specific knowledge and heuristics about typical intrusions and attack techniques, determining whether or not the activity is an intrusion. The authors describe the NIDX knowledge base, and Unix system audit trail mechanism and history profiles, and demonstrate the knowledge-based intrusion detection process.
Keywords
computer networks; data communication systems; expert systems; operating systems (computers); real-time systems; security of data; NIDX; Unix System V environment; Unix system calls; attack techniques; heuristics; history profiles; knowledge-based prototype; real-time audit trail; real-time network intrusion detection; system-specific knowledge; user activity; Communication system control; Communication system security; Data security; Expert systems; History; Intrusion detection; Knowledge based systems; Operating systems; Prototypes; Real time systems;
fLanguage
English
Publisher
ieee
Conference_Titel
Computer Networking Symposium, 1988., Proceedings of the
Conference_Location
Washington, DC, USA
Print_ISBN
0-8186-0835-8
Type
conf
DOI
10.1109/CNS.1988.4983
Filename
4983