  • DocumentCode
    2832164
  • Title
    Experiences on Designing an Integral Intrusion Detection System
  • Author
    Penya, Yoseba K. ; Bringas, Pablo G.
  • Author_Institution
    S3Lab. Deusto Technol. Found. Bilbao, Basque
  • fYear
    2008
  • fDate
    1-5 Sept. 2008
  • Firstpage
    675
  • Lastpage
    679
  • Abstract
    Network intrusion detection systems (NIDS) have the challenge to prevent network attacks and unauthorised remote use of computers. In order to achieve this goal, NIDS usually follow two different strategies. The first one aims at detecting forbidden usage of the network and the second one concentrates on finding illegitimate behaviour. The first methodology accomplishes its goal by defining all possible attacks and the second by modelling the normal usage to detect anything that does not fit on that muster; this difference has rendered both alternatives so far incompatible. In previous works we have presented ESIDE-Depian, the first inherently unified misuse and anomaly detector. This paper focuses on the problems and difficulties that arose in the integration process and the solutions designed to overcome them.
  • Keywords
    computer networks; security of data; ESIDE-Depian; anomaly detector; forbidden usage detection; illegitimate behaviour finding; integral intrusion detection system; network intrusion detection systems; Bayesian methods; Computer networks; Databases; Detectors; Expert systems; Internet; Intrusion detection; Protection; Telecommunication traffic; Traffic control; Anomaly Detection; Bayesian Networks; Data Mining; Intrusion Detection; Intrusion Prevention; Machine Learning; Misuse Detection;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Database and Expert Systems Application, 2008. DEXA '08. 19th International Workshop on
  • Conference_Location
    Turin
  • ISSN
    1529-4188
  • Print_ISBN
    978-0-7695-3299-8
  • Type
    conf
  • DOI
    10.1109/DEXA.2008.54
  • Filename
    4624796