A network security monitor

Author

Heberlein, L. Todd ; Dias, Gihan V. ; Levitt, Karl N. ; Mukherjee, Biswanath ; Wood, Jefl ; Wolber, David

Author_Institution

Dept. of Electr. Eng. & Comput. Sci., California Univ., Davis, CA, USA

fYear

1990

fDate

7-9 May 1990

Firstpage

296

Lastpage

304

Abstract

This study concentrates on the security-related issues in a single broadcast LAN (local area network) such as Ethernet. The authors formalize various possible network attacks. Their basic strategy is to develop profiles of usage of network resources and then compare current usage patterns with the historical profile to determine possible security violations. Thus, the work is similar to the host-based intrusion-detection systems. Different from such systems, however, is the use of a hierarchical model to refine the focus of the intrusion-detection mechanism. The authors also report on the development of an experimental LAN monitor currently under implementation. Several network attacks have been simulated, and results on how the monitor has been able to detect these attacks are analyzed. Initial results demonstrate that many network attacks are detectable with the authors´ monitor, although it can be defeated

Keywords

local area networks; security of data; Ethernet; hierarchical model; host-based intrusion-detection systems; local area network; network resources; network security monitor; single broadcast LAN; Area measurement; Broadcasting; Computer networks; Computer science; Computer security; Computerized monitoring; Ethernet networks; Information security; Local area networks; Wide area networks;

fLanguage

English

Publisher

ieee

Conference_Titel

Research in Security and Privacy, 1990. Proceedings., 1990 IEEE Computer Society Symposium on

Conference_Location

Oakland, CA

Print_ISBN

0-8186-2060-9

Type

conf

DOI

10.1109/RISP.1990.63859

Filename

63859