Title :
Real-time intrusion detection
Author_Institution :
SRI Int., Menlo Park, CA, USA
Date :
Feb. 27 1989-March 3 1989
Abstract :
A real-time intrusion-detection expert system (IDES) is described that observes user behavior on a monitored computer system and adaptively learns what is normal for individual users, groups, remote hosts, and the overall system behavior. Observed behavior is flagged as a potential intrusion if it deviates significantly from the expected behavior or if it triggers a rule in the expert-system rule base. It is shown that because IDES combines a statistical user profile approach with a rule-based expert system that characterizes intrusions, it has the potential to become a strong intrusion-detection system. The IDES prototype is capable of detecting anomalous behavior, as evidenced by preliminary experiments, in real time.
Keywords :
expert systems; real-time systems; safety systems; security of data; IDES; adaptive learning; anomalous behavior; expected behavior; groups; individual users; monitored computer system; normal; overall system behavior; real-time intrusion-detection expert system; remote hosts; rule base; statistical user profile; user behaviour observations; Computer science; Computer security; Computer viruses; Computerized monitoring; Data analysis; Data security; Expert systems; Intrusion detection; Laboratories; Real time systems;
Conference_Title :
COMPCON Spring '89. Thirty-Fourth IEEE Computer Society International Conference: Intellectual Leverage, Digest of Papers.
Conference_Location :
San Francisco, CA, USA
Print_ISBN :
0-8186-1909-0
DOI :
10.1109/CMPCON.1989.301954