Real-Time Intrusion Detection with Emphasis on Insider Attacks

  • Shambhu Upadhyaya
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2776)


Securing the cyberspace from attacks is critical to the economy and well being of any country. During the past few years, threats to cyberspace have risen dramatically. It is impossible to close all security loopholes in a computer system by building firewalls or using cryptographic techniques. As a result, intrusion detection has emerged as a key technique for cyber security. Currently there are more than 100 commercial tools and research prototypes for intrusion detection. These can be largely classified as either misuse or anomaly detection systems. While misuse detection looks for specific signs by comparing the current activity against a database of known activity, anomaly detection works by generating a reference line based on the system model and signaling significant deviations from it as intrusions. Both approaches rely on audit trails, which can be very huge. Moreover, conventionally they are off-line and offer little in terms of strong deterrence in the face of attacks.


Intrusion Detection Anomaly Detection Intrusion Detection System Insider Attack Proactive Scheme 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Chinchani, R., Upadhyaya, S., Kwiat, K.: Towards the scalable implementation of a user level anomaly detection system. In: IEEE MILCOM 2002, Anaheim, CA (October 2002)Google Scholar
  2. 2.
    Debar, H., Dacier, M., Wespi, A.: Towards a Taxonomy of Intrusion Detection Systems. Computer Networks 31, 805–822 (1999)CrossRefGoogle Scholar
  3. 3.
    Dening, D.: An Intrusion-Detection Model. IEEE Transactions on Software Engineering SE-13(2), 222–232 (1987)CrossRefGoogle Scholar
  4. 4.
    Upadhyaya, S., Kwiat, K.: A distributed concurrent intrusion detection scheme based on assertions. In: SCS Int. Symposium on Performance Evaluation of Computer and Telecommunication Systems, Chicago, IL, pp. 369–376 (July 1999)Google Scholar
  5. 5.
    Upadhyaya, S., Chinchani, R., Kwiat, K.: An analytical framework for reasoning about intrusions. In: IEEE Symposium on Reliable Distributed Systems, New Orleans, LA , pp. 99–108 (October 2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Shambhu Upadhyaya
    • 1
  1. 1.University at BuffaloBuffaloUSA

Personalised recommendations