DocumentCode
2840011
Title
A system for distributed intrusion detection
Author
Snapp, S.R. ; Brentano, J. ; Dias, G.V. ; Goan, T.L. ; Grance, T. ; Heberlein, L.T. ; Ho, C.-L. ; Levitt, K.N. ; Mukherjee, B. ; Mansur, D.L. ; Pon, K.L. ; Smaha, S.E.
Author_Institution
Div. of Comput. Sci., California Univ., Davis, CA, USA
fYear
1991
fDate
Feb. 25 1991-March 1 1991
Firstpage
170
Lastpage
176
Abstract
The network intrusion-detection concept is extended from the LAN (local area network) environment to arbitrarily wider areas, with the network topology being arbitrary as well. The generalized distributed environment is heterogeneous, i.e. the network nodes can be hosts or servers from different vendors, or some of them could be LAN managers. The proposed architecture for this distributed intrusion-detection system consists of the following components: a host manager (namely a monitoring process or collection of processes running in background) in each host; a LAN manager for monitoring each LAN in the system; and a central manager, placed at a single secure location, that receives reports from various host and LAN managers and processes these reports, correlates them, and detects intrusions.
Keywords
computer networks; network operating systems; security of data; LAN managers; distributed intrusion detection; generalized distributed environment; host manager; network intrusion-detection concept; secure location; Computer networks; Computer science; Computer security; Cryptography; Event detection; Intrusion detection; Laboratories; Local area networks; Monitoring; Statistical analysis;
fLanguage
English
Publisher
ieee
Conference_Titel
Compcon Spring '91. Digest of Papers
Conference_Location
San Francisco, CA, USA
Print_ISBN
0-8186-2134-6
Type
conf
DOI
10.1109/CMPCON.1991.128802
Filename
128802