Title :
A system for distributed intrusion detection
Author :
Snapp, S.R. ; Brentano, J. ; Dias, G.V. ; Goan, T.L. ; Grance, T. ; Heberlein, L.T. ; Ho, C.-L. ; Levitt, K.N. ; Mukherjee, B. ; Mansur, D.L. ; Pon, K.L. ; Smaha, S.E.
Author_Institution :
Div. of Comput. Sci., California Univ., Davis, CA, USA
fDate :
Feb. 25 1991-March 1 1991
Abstract :
The network intrusion-detection concept is extended from the LAN (local area network) environment to arbitrarily wider areas, with the network topology being arbitrary as well. The generalized distributed environment is heterogeneous, i.e. the network nodes can be hosts or servers from different vendors, or some of them could be LAN managers. The proposed architecture for this distributed intrusion-detection system consists of the following components: a host manager (namely a monitoring process or collection of processes running in background) in each host: LAN manager for monitoring each LAN in the system; and a central manager, placed at a single secure location, that receives reports from various host and LAN managers and processes these reports, correlates them, and detects intrusions.<>
Keywords :
computer networks; network operating systems; security of data; LAN managers; distributed intrusion detection; generalized distributed environment; host manager; network intrusion-detection concept; secure location; Computer networks; Computer science; Computer security; Cryptography; Event detection; Intrusion detection; Laboratories; Local area networks; Monitoring; Statistical analysis;
Conference_Titel :
Compcon Spring '91. Digest of Papers
Conference_Location :
San Francisco, CA, USA
Print_ISBN :
0-8186-2134-6
DOI :
10.1109/CMPCON.1991.128802
