Real-Time Intrusion Detection with Emphasis on Insider Attacks
Securing cyberspace from attacks is critical to the economy and well-being of any country. During the past few years, threats to cyberspace have risen dramatically. It is impossible to close all security loopholes in a computer system by building firewalls or using cryptographic techniques. As a result, intrusion detection has emerged as a key technique for cyber security. Currently there are more than 100 commercial tools and research prototypes for intrusion detection. These can be largely classified as either misuse or anomaly detection systems. Misuse detection looks for specific signs by comparing the current activity against a database of known activity, whereas anomaly detection generates a reference line based on the system model and signals significant deviations from it as intrusions. Both approaches rely on audit trails, which can be very large. Moreover, they conventionally operate off-line and offer little in terms of strong deterrence in the face of attacks.
Keywords: Intrusion Detection, Anomaly Detection, Intrusion Detection System, Insider Attack, Proactive Scheme