Title :
Knowledge-based intrusion detection
Author :
Lunt, Teresa F. ; Jagannathan, R. ; Lee, Rosanna ; Whitehurst, Alan ; Listgarten, Sherry
Author_Institution :
SRI Int., Menlo Park, CA, USA
Abstract :
The authors describe the expert-system aspects of IDES (intrusion-detection expert system), a system for computer intrusion detection. IDES uses two distinct approaches to detect anomalies (which could signify intrusions) in a computer system, namely, statistical and rule-based anomaly detection. In the statistical approach, recent behavior of a subject of a computer system is compared with observed behavior and any significant deviation is considered anomalous. In the rule-based approach, acceptable behaviour of a subject is captured by a set of rules which is used to identify anomalous observed behavior. The authors claim that integrating the two approaches in IDES provides for a comprehensive system for detecting intrusions as they occur.
Keywords :
auditing; expert systems; safety systems; security of data; acceptable behaviour; audit data processing; automated audit trail analysis; computer intrusion detection; computer security; intrusion-detection expert system; observed behavior; rule-based anomaly detection; statistical anomaly detection; statistical intrusion detection; Access control; Computer science; Computer security; Data analysis; Data security; Expert systems; Intrusion detection; Laboratories; Pattern analysis; Real time systems;
Conference_Title :
AI Systems in Government Conference, 1989, Proceedings of the Annual
Conference_Location :
Washington, DC
Print_ISBN :
0-8186-1934-1
DOI :
10.1109/AISIG.1989.47311