Encyclopedia of Database Systems

2018 Edition
| Editors: Ling Liu, M. Tamer Özsu

Intrusion Detection Technology

  • Tyrone GradisonEmail author
  • Evimaria Terzi
Reference work entry
DOI: https://doi.org/10.1007/978-1-4614-8265-9_209


Intrusion detection (ID) is the process of monitoring events occurring in a system and signaling responsible parties when interesting (suspicious) activity occurs.

Intrusion detection systems (IDSs) consist of (1) an agent that collects the information on the stream of monitored events, (2) an analysis engine that detects signs of intrusion, and (3) a response module that generates responses based on the outcome from the analysis engine.

Historical Background

The concept of ID has existed for decades in the domains of personal home security, defense, and early-warning systems. However, automated IDSs emerged in the public domain in 1980 [1] and sought to identify possible violations of the system’s security policy by a user or a set of users.

One of the basic elements of an intrusion detection system is the audit log that captures the system activity. The initial IDSs exposed to the academic community stored operating system actions, i.e., addressed the operating system...

This is a preview of subscription content, log in to check access.

Recommended Reading

  1. 1.
    Bace RG. Intrusion detection. Macmillan Technical Publishing; 2000.Google Scholar
  2. 2.
    Lunt T, Halme L, Van Horne J. Automated analysis of computer system audit trails for security purposes. In: Proceedings of the 13th National Computer Security Conference; 1990.Google Scholar
  3. 3.
    Skardhamar R. Virus: detection and elimination. In: AP Professional; 1996.Google Scholar
  4. 4.
    Koral I. Ustat: a real-time intrusion detection system for unix. In: Proceedings of the IEEE Symposium on Research in Security and Privacy; 1993.Google Scholar
  5. 5.
    Vaccaro HS, Liepins GE. Detection of anomalous computer session activity. In: Proceedings of the IEEE Symposium on Research in Security and Privacy; 1989.Google Scholar
  6. 6.
    Goldberg I, Wagner D, Thomans R, Brewer E. A secure environment for untrusted helper applications (confining the wily hacker). In: Proceedings of the 6th USENIX Security Symposium; 1996.Google Scholar
  7. 7.
    Winkler JR. A unix prototype for intrusion and anomaly detection in secure networks. In: Thirteenth National Computer Security Conference; 1990.Google Scholar
  8. 8.
    Lunt TF, Jagannathan R, Lee R, Listgarten S, Edwards DL, Neumann PG, Javitz HS, Al Valdes. Ides: the enhanced prototype, a real-time intrusion detection system. In: Technical Report SRI Project 4185-010, SRI- CSI-88-12; 1988.Google Scholar
  9. 9.
    Debar H, Becker M, Siboni D. A neural network component for an intrusion detection system. In: Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy; 1992.Google Scholar
  10. 10.
    Habra J, Le Charlier B, Mounji A, Mathieu I. ASAX: software architecture and rule-based language for universal audit trail analysis. In: Proceedings of the 2nd European Symposium on Research in Computer Security; 1992. p. 6.CrossRefGoogle Scholar
  11. 11.
    Ko C, Fink G, Levitt K. Automated detection of vulnerabilities in privileged programs by execution monitoring. In: Proceedings of the 10th Annual Computer Security Applications Conference; 1994.Google Scholar
  12. 12.
    Kumar S, Spafford EH. An application of pattern matching in intrusion detection. In: Purdue University Technical Report CSD-TR-94-013; 1994.Google Scholar
  13. 13.
    Anderson D, Frivold T, Valdes A. Next-generation intrusion detection expert system (NIDES): a summary. In: SRI International Computer Science Laboratory Technical Report SRI-CSL-95-07; 1995.Google Scholar
  14. 14.
    Anderson D, Lunt T, Javitz H, Tamaru A, Valdes A. Detecting unusual program behavior using the statistical component of the next-generation intrusion detection expert system (NIDES). In: SRI International Computer Science Laboratory Technical Report SRI-CSL-95-06; 1995.Google Scholar
  15. 15.
    Javitz H, Valdes A. The NIDES statistical component: description and justification. In: SRI International Computer Science Laboratory Technical Report; 1993.Google Scholar
  16. 16.
    Lunt TF. A survey of intrusion detection techniques. Comput Secur. 1993;12(4):405–18.CrossRefGoogle Scholar
  17. 17.
    Hochberg J, Jackson J, Stallings C, McClary JF, Dubois D, Ford J. Nadir: an automated system for detecting network intrusion and misuse. Comput Secur. 1993;12(3):235–48.CrossRefGoogle Scholar
  18. 18.
    Heberlein LT. A network security monitor. In: Proceedings of the IEEE Symposium on Research in Security and Privacy; 1990.Google Scholar
  19. 19.
    Snapp SR, Brentano J, Dias GV, Goan TL, Heberlein LT, Ho C, Levitta KN, Mukherjee B, Smaha SE, Grance T, Teal DM, Mansur D. Dids (distributed intrusion detection system) motivation, architecture, and an early prototype. Internet Besieged: Countering Cyberspace Scofflaws; 1998. p. 211–27.Google Scholar
  20. 20.
    Stanfiford Chen S, Cheung S, Crawford R, Dilger M, Frank J, Hoagland J, Levitt K, Wee C, Yip R, Zerkle D. Grids – a graph based intrusion detection system for large networks. In: Proceedings of the 19th National Information Systems Security Conference; 1996.Google Scholar
  21. 21.
    Frank Jou Y, Gong F, Sargor C, Wu SF, Rance CW. Architecture design of a scalable intrusion detection system for the emerging network infrastructure. In: North Carolina State University Technical Report CDRL A005; 1997.Google Scholar
  22. 22.
    Porras PA, Neumann PG. Emerald: event monitoring enabling responses to anomalous live disturbances. In: Proceedings of the 19th National Computer Security Conference; 1997.Google Scholar
  23. 23.
    Paxon V. Bro: a system for detecting network intruders in real-time. In: Proceedings of the 7th USENIX Security Symposium; 1988.Google Scholar
  24. 24.
    Sebring MM, Shellhouse E, Hanna ME, Whitehurst RA. Expert systems in intrusion detection: a case study. In: Proceedings of the 11th National Computer Security Conference; 1988.Google Scholar
  25. 25.
    Tener WT. Discovery: an expert system in the commercial data security environment. In: Proceedings of the IFIP Security Conference; 1986.Google Scholar
  26. 26.
    Lee W. A data mining framework for building intrusion detection models. In: Proceedings of the IEEE Symposium on Security and Privacy; 1999.Google Scholar
  27. 27.
    Bertino E, Kamra A, Terzi E, Vakali A. Intrusion detection in RBAC-administered databases. In: Proceedings of the 21st Annual Computer Security Applications Conference; 2005. p. 170–82.Google Scholar
  28. 28.
    Lee VCS, Stankovic JA, Son SH. Intrusion detection in real-time database systems via time signatures. In: Proceedings of the IEEE Real Time Technology and Applications Symposium; 2000. p. 124–33.Google Scholar
  29. 29.
    Wenhui S, Tan D. A novel intrusion detection system model for securing web-based database systems. In: Proceedings of the 25th Annual International Computer Software and Applications Conference; 2001. p. 249.Google Scholar
  30. 30.
    Butun I, Morgera SD, Sankar R. A survey of intrusion detection systems in wireless sensor networks. IEEE Commun Surv Tutor. 2014;16(1):266–82.CrossRefGoogle Scholar
  31. 31.
    Krontiris I, Dimitriou T, Freiling FC. Towards intrusion detection in wireless sensor networks. In: Proceedings of the 13th European Wireless Conference; 2007.Google Scholar
  32. 32.
    Sun B, Osborne L, Yang X, Guizani S. Intrusion detection techniques in mobile ad hoc and wireless sensor networks. Wirel Commun IEEE. 2007;14(5):56–63.CrossRefGoogle Scholar
  33. 33.
    Yazji S, Scheuermann P, Dick RP, Trajcevski G, Jin R. Efficient location aware intrusion detection to protect mobile devices. Pers Ubiquit Comput. 2014;18(1):143–62.CrossRefGoogle Scholar
  34. 34.
    Brahmkstri K, Thomas D, Sawant ST, Jadhav A, Kshirsagar DD. Ontology based multi-agent intrusion detection system for web service attacks using self learning. In: Networks and communications (NetCom2013). Springer International Publishing; 2014. p. 265–74.Google Scholar
  35. 35.
    Cheung S, Dutertre B, Fong M, Lindqvist U, Skinner K, Valdes A. Using model-based intrusion detection for SCADA networks. In: Proceedings of the SCADA Security Scientific Symposium; 2007. p. 1–12.Google Scholar
  36. 36.
    Berthier R, Sanders WH, Khurana H. Intrusion detection for advanced metering infrastructures: requirements and architectural directions. In: 2010 First IEEE International Conference on Smart Grid Communications; 2010. p. 350–5.Google Scholar
  37. 37.
    Gulisano V, Almgren M, Papatriantafilou M. METIS: a two-tier intrusion detection system for advanced metering infrastructures. In: Proceedings of the 5th International Conference on Future Energy Systems; 2014. p. 211–2.Google Scholar
  38. 38.
    Vieira K, Schulter A, Westphall C, Westphall CM. Intrusion detection for grid and cloud computing. IT Prof. 2010;12(4):38–43.CrossRefGoogle Scholar
  39. 39.
    Moffie M, Kaeli D, Cohen A, Aslam J, Alshawabkeh M, Dy J, Azmandian F. VMM-based intrusion detection system. US Patent 8,719,936, issued May 6, 2014.Google Scholar
  40. 40.
    Roschke S, Cheng F, Meinel C. Intrusion detection in the cloud. In: Proceedings of the 2009 8th IEEE International Conference on Dependable, Autonomic and Secure Computing; 2009. p. 729–34.Google Scholar
  41. 41.
    Mitchell R, Chen I-R. A survey of intrusion detection techniques for cyber-physical systems. ACM Comput Surv. 2014;46(4):55.CrossRefGoogle Scholar
  42. 42.
    Axelsson S. Research in intrusion detection systems: a survey. In: Technical Report 98-17 (revised in 1999) Chalmers University of Technology; 1999.Google Scholar
  43. 43.
    Lee W, Fan W. Mining system audit data: opportunities and challenges. SIGMOD Rec. 2001;30(4):35–44.CrossRefGoogle Scholar
  44. 44.
    Stolfo SJ, Lee W, Chan PK, Fan W, Eskin E. Data mining-based intrusion detectors: an overview of the Columbia ids project. SIGMOD Rec. 2001;30(4):5–14.CrossRefGoogle Scholar
  45. 45.
    Kim GH, Spafford EH. A design and implementation of tripwire: a file system integrity checker. In: Purdue Technical Report CSD-TR-93-071; 1993.Google Scholar
  46. 46.
    Kim GH, Spafford EH. Experiences with tripwire: using integrity checkers for intrusion detection. In: Purdue Technical Report CSD-TR-94-012; 1994.Google Scholar
  47. 47.
    Bertino E, Leggieri T, Terzi E. Securing dbms: characterizing and detecting query floods. In: Proceedings of the 7th International Conference on Information Security; 2004. p. 195–206.Google Scholar
  48. 48.
    Huang Y, Fan W, Lee W, Yu P. Cross-feature analysis for detecting ad-hoc routing anomalies. In: Proceedings of the 23rd International Conference on Distributed Computing Systems; 2003.Google Scholar
  49. 49.
    Kruegel C, Mutz D, Robertson W, Valeur F. Bayesian event classification for intrusion detection. In: ACSAC; 2003.Google Scholar
  50. 50.
    Lane T, Brodley CE. Temporal sequence learning and data reduction for anomaly detection. ACM Trans Inf Syst Secur. 1999;2(3):295–331.CrossRefGoogle Scholar
  51. 51.
    Lee W, Xiang D. Information-theoretic measures for anomaly detection. In: IEEE Symposium on Security and Privacy; 2001. p. 130–43.Google Scholar
  52. 52.
    Ramadas M, Ostermann S, Tjaden BC. Detecting anomalous network traffic with self-organizing maps. In: RAID; 2003. p. 36–54.Google Scholar
  53. 53.
    Tsai C-F, Hsu Y-F, Lin C-Y, Lin W-Y. Intrusion detection by machine learning: a review. Expert Syst Appl. 2009;36(10):11994–2000.CrossRefGoogle Scholar
  54. 54.
    Sebring M, Shellhouse E, Hanna M, Whitehurst R. Midas: multics intrusion detection and alerting system. Technical Report, National Computer Security Center, SRI International, Ft. Meade; 1998. p. 7.Google Scholar
  55. 55.
    Ilgun K, Kemmerer RA, Porras PA. State transition analysis: a rule-based intrusion detection approach. IEEE Trans Softw Eng. 1995;21(3):181–99.CrossRefGoogle Scholar
  56. 56.
    Wu SX, Banzhaf W. The use of computational intelligence in intrusion detection systems: a review. Appl Soft Comput. 2010;10(1):1–35.CrossRefGoogle Scholar
  57. 57.
    Zhou CV, Leckie C, Karunasekera S. A survey of coordinated attacks and collaborative intrusion detection. Comput Secur. 2010;29(1):124–40.CrossRefGoogle Scholar
  58. 58.
    Wood M, Erlinger MA. Intrusion detection message exchange requirements. IETF Network Working Group. 2007. http://www.ietf.org/rfc/rfc4765.txt.
  59. 59.
    Dowell C, Ramstedt P. The computer watch data reduction tool. In: IEEE Symposium on Research in Security and Privacy; 1989.Google Scholar
  60. 60.
    Smaha SE. An intrusion detection system for the air force. In: Fourth Aerospace Computer Security Applications Conference; 1988.Google Scholar
  61. 61.
    Wang Y, Wang X, Xie B, Wang D, Agrawal DP. Intrusion detection in homogenous and heterogeneous wireless sensor networks. IEEE Trans Mob Comput. 2008;7(6).Google Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Proficiency LabsAshlandUSA
  2. 2.Computer Science DepartmentBoston UniversityBostonUSA
  3. 3.IBM Almaden Research CenterSan JoseUSA

Section editors and affiliations

  • Elena Ferrari
    • 1
  1. 1.DISTAUniversità degli Studi dell’InsubriaVareseItaly