Definition
Intrusion detection (ID) is the process of monitoring the events occurring in a system and signaling the responsible parties when interesting (suspicious) activity occurs.
Intrusion detection systems (IDSs) consist of (1) an agent that collects information on the stream of monitored events, (2) an analysis engine that detects signs of intrusion in that stream, and (3) a response module that generates responses based on the outcome produced by the analysis engine.
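The three components named above can be made concrete with a small host-based example. The following is an added illustration, not code from the encyclopedia entry or from any of the systems it cites: an agent that parses a constructed audit log, an analysis engine that runs one misuse rule (a burst of failed logins within a sliding window) and one anomaly rule (a user performing an action absent from a per-user baseline profile), and a response module that turns alerts into notifications. The log format, the user names and the baseline profile are all assumptions made up for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample audit log (not from the entry). Record format, assumed
# for this example: "<epoch seconds> <user> <action> <outcome>".
SAMPLE_AUDIT_LOG = """\
1000 alice login success
1005 bob login failure
1006 bob login failure
1007 bob login failure
1008 bob login failure
1009 bob login failure
1010 bob login success
1200 alice file_read success
1300 carol login success
1400 carol file_delete success
"""

# Constructed per-user profile: the set of actions each user performed during
# a benign training period. Anything outside it is treated as anomalous.
BASELINE = {"alice": {"login", "file_read"}, "bob": {"login"}, "carol": {"login"}}


@dataclass(frozen=True)
class Event:
    ts: int
    user: str
    action: str
    outcome: str


def collect(log_text):
    """Agent: turn raw audit records into a stream of structured events."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed record; a real agent would count and report these
        ts, user, action, outcome = parts
        events.append(Event(int(ts), user, action, outcome))
    return events


def analyze(events, baseline, max_failures=5, window=60):
    """Analysis engine: a misuse (signature) rule plus a profile-based anomaly rule."""
    alerts = []
    failures = defaultdict(list)   # user -> timestamps of recent failed logins
    burst_fired = set()            # alert once per user per burst
    for ev in sorted(events, key=lambda e: e.ts):
        # Misuse rule: >= max_failures failed logins by one user within `window` seconds.
        if ev.action == "login" and ev.outcome == "failure":
            recent = failures[ev.user]
            recent.append(ev.ts)
            while recent and ev.ts - recent[0] > window:
                recent.pop(0)  # slide the window forward
            if len(recent) >= max_failures and ev.user not in burst_fired:
                burst_fired.add(ev.user)
                alerts.append({"rule": "login_burst", "user": ev.user, "ts": ev.ts,
                               "detail": f"{len(recent)} failures in {ev.ts - recent[0]}s"})
        # Anomaly rule: action not in the user's baseline profile (or user unknown).
        known_actions = baseline.get(ev.user)
        if known_actions is None or ev.action not in known_actions:
            alerts.append({"rule": "profile_deviation", "user": ev.user, "ts": ev.ts,
                           "detail": f"action {ev.action!r} not in profile"})
    return alerts


def respond(alerts):
    """Response module: map alerts to actions; here, human-readable notifications."""
    return [f"ALERT {a['rule']}: user={a['user']} t={a['ts']} ({a['detail']})" for a in alerts]


def run_ids(log_text, baseline=BASELINE):
    """Wire agent -> analysis engine -> response module over one log."""
    return respond(analyze(collect(log_text), baseline))


if __name__ == "__main__":
    for line in run_ids(SAMPLE_AUDIT_LOG):
        print(line)
```

On the constructed log this raises two alerts: a `login_burst` for bob at t=1009 (five failures in four seconds) and a `profile_deviation` for carol at t=1400 (`file_delete` is not in her profile). The two rules illustrate the two broad approaches the entry's references cover: misuse detection matches known bad patterns and is precise but blind to novel behaviour, while anomaly detection flags departures from a learned profile and so depends on the quality of the training period.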
Historical Background
The concept of ID has existed for decades in the domains of personal home security, defense, and early-warning systems. Automated IDSs, however, emerged in the public domain in 1980 [1] and sought to identify possible violations of the system’s security policy by a user or a set of users.
One of the basic elements of an intrusion detection system is the audit log that captures the system activity. The initial IDSs exposed to the academic community stored operating system actions, i.e., addressed the operating system...
Recommended Reading
Bace RG. Intrusion detection. Macmillan Technical Publishing; 2000.
Lunt T, Halme L, Van Horne J. Automated analysis of computer system audit trails for security purposes. In: Proceedings of the 13th National Computer Security Conference; 1990.
Skardhamar R. Virus: detection and elimination. AP Professional; 1996.
Ilgun K. USTAT: a real-time intrusion detection system for UNIX. In: Proceedings of the IEEE Symposium on Research in Security and Privacy; 1993.
Vaccaro HS, Liepins GE. Detection of anomalous computer session activity. In: Proceedings of the IEEE Symposium on Research in Security and Privacy; 1989.
Goldberg I, Wagner D, Thomas R, Brewer E. A secure environment for untrusted helper applications (confining the wily hacker). In: Proceedings of the 6th USENIX Security Symposium; 1996.
Winkler JR. A UNIX prototype for intrusion and anomaly detection in secure networks. In: Proceedings of the 13th National Computer Security Conference; 1990.
Lunt TF, Jagannathan R, Lee R, Listgarten S, Edwards DL, Neumann PG, Javitz HS, Valdes A. IDES: the enhanced prototype, a real-time intrusion detection system. Technical Report SRI Project 4185-010, SRI-CSI-88-12; 1988.
Debar H, Becker M, Siboni D. A neural network component for an intrusion detection system. In: Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy; 1992.
Habra J, Le Charlier B, Mounji A, Mathieu I. ASAX: software architecture and rule-based language for universal audit trail analysis. In: Proceedings of the 2nd European Symposium on Research in Computer Security; 1992. p. 6.
Ko C, Fink G, Levitt K. Automated detection of vulnerabilities in privileged programs by execution monitoring. In: Proceedings of the 10th Annual Computer Security Applications Conference; 1994.
Kumar S, Spafford EH. An application of pattern matching in intrusion detection. In: Purdue University Technical Report CSD-TR-94-013; 1994.
Anderson D, Frivold T, Valdes A. Next-generation intrusion detection expert system (NIDES): a summary. In: SRI International Computer Science Laboratory Technical Report SRI-CSL-95-07; 1995.
Anderson D, Lunt T, Javitz H, Tamaru A, Valdes A. Detecting unusual program behavior using the statistical component of the next-generation intrusion detection expert system (NIDES). In: SRI International Computer Science Laboratory Technical Report SRI-CSL-95-06; 1995.
Javitz H, Valdes A. The NIDES statistical component: description and justification. In: SRI International Computer Science Laboratory Technical Report; 1993.
Lunt TF. A survey of intrusion detection techniques. Comput Secur. 1993;12(4):405–18.
Hochberg J, Jackson J, Stallings C, McClary JF, Dubois D, Ford J. NADIR: an automated system for detecting network intrusion and misuse. Comput Secur. 1993;12(3):235–48.
Heberlein LT. A network security monitor. In: Proceedings of the IEEE Symposium on Research in Security and Privacy; 1990.
Snapp SR, Brentano J, Dias GV, Goan TL, Heberlein LT, Ho C, Levitt KN, Mukherjee B, Smaha SE, Grance T, Teal DM, Mansur D. DIDS (distributed intrusion detection system): motivation, architecture, and an early prototype. In: Internet Besieged: Countering Cyberspace Scofflaws; 1998. p. 211–27.
Staniford-Chen S, Cheung S, Crawford R, Dilger M, Frank J, Hoagland J, Levitt K, Wee C, Yip R, Zerkle D. GrIDS: a graph-based intrusion detection system for large networks. In: Proceedings of the 19th National Information Systems Security Conference; 1996.
Jou YF, Gong F, Sargor C, Wu SF, Rance CW. Architecture design of a scalable intrusion detection system for the emerging network infrastructure. North Carolina State University Technical Report CDRL A005; 1997.
Porras PA, Neumann PG. EMERALD: event monitoring enabling responses to anomalous live disturbances. In: Proceedings of the 19th National Computer Security Conference; 1997.
Paxson V. Bro: a system for detecting network intruders in real-time. In: Proceedings of the 7th USENIX Security Symposium; 1988.
Sebring MM, Shellhouse E, Hanna ME, Whitehurst RA. Expert systems in intrusion detection: a case study. In: Proceedings of the 11th National Computer Security Conference; 1988.
Tener WT. Discovery: an expert system in the commercial data security environment. In: Proceedings of the IFIP Security Conference; 1986.
Lee W. A data mining framework for building intrusion detection models. In: Proceedings of the IEEE Symposium on Security and Privacy; 1999.
Bertino E, Kamra A, Terzi E, Vakali A. Intrusion detection in RBAC-administered databases. In: Proceedings of the 21st Annual Computer Security Applications Conference; 2005. p. 170–82.
Lee VCS, Stankovic JA, Son SH. Intrusion detection in real-time database systems via time signatures. In: Proceedings of the IEEE Real Time Technology and Applications Symposium; 2000. p. 124–33.
Wenhui S, Tan D. A novel intrusion detection system model for securing web-based database systems. In: Proceedings of the 25th Annual International Computer Software and Applications Conference; 2001. p. 249.
Butun I, Morgera SD, Sankar R. A survey of intrusion detection systems in wireless sensor networks. IEEE Commun Surv Tutor. 2014;16(1):266–82.
Krontiris I, Dimitriou T, Freiling FC. Towards intrusion detection in wireless sensor networks. In: Proceedings of the 13th European Wireless Conference; 2007.
Sun B, Osborne L, Yang X, Guizani S. Intrusion detection techniques in mobile ad hoc and wireless sensor networks. Wirel Commun IEEE. 2007;14(5):56–63.
Yazji S, Scheuermann P, Dick RP, Trajcevski G, Jin R. Efficient location aware intrusion detection to protect mobile devices. Pers Ubiquit Comput. 2014;18(1):143–62.
Brahmkstri K, Thomas D, Sawant ST, Jadhav A, Kshirsagar DD. Ontology based multi-agent intrusion detection system for web service attacks using self learning. In: Networks and communications (NetCom2013). Springer International Publishing; 2014. p. 265–74.
Cheung S, Dutertre B, Fong M, Lindqvist U, Skinner K, Valdes A. Using model-based intrusion detection for SCADA networks. In: Proceedings of the SCADA Security Scientific Symposium; 2007. p. 1–12.
Berthier R, Sanders WH, Khurana H. Intrusion detection for advanced metering infrastructures: requirements and architectural directions. In: 2010 First IEEE International Conference on Smart Grid Communications; 2010. p. 350–5.
Gulisano V, Almgren M, Papatriantafilou M. METIS: a two-tier intrusion detection system for advanced metering infrastructures. In: Proceedings of the 5th International Conference on Future Energy Systems; 2014. p. 211–2.
Vieira K, Schulter A, Westphall C, Westphall CM. Intrusion detection for grid and cloud computing. IT Prof. 2010;12(4):38–43.
Moffie M, Kaeli D, Cohen A, Aslam J, Alshawabkeh M, Dy J, Azmandian F. VMM-based intrusion detection system. US Patent 8,719,936, issued May 6, 2014.
Roschke S, Cheng F, Meinel C. Intrusion detection in the cloud. In: Proceedings of the 2009 8th IEEE International Conference on Dependable, Autonomic and Secure Computing; 2009. p. 729–34.
Mitchell R, Chen I-R. A survey of intrusion detection techniques for cyber-physical systems. ACM Comput Surv. 2014;46(4):55.
Axelsson S. Research in intrusion detection systems: a survey. In: Technical Report 98-17 (revised in 1999) Chalmers University of Technology; 1999.
Lee W, Fan W. Mining system audit data: opportunities and challenges. SIGMOD Rec. 2001;30(4):35–44.
Stolfo SJ, Lee W, Chan PK, Fan W, Eskin E. Data mining-based intrusion detectors: an overview of the Columbia IDS project. SIGMOD Rec. 2001;30(4):5–14.
Kim GH, Spafford EH. A design and implementation of tripwire: a file system integrity checker. In: Purdue Technical Report CSD-TR-93-071; 1993.
Kim GH, Spafford EH. Experiences with tripwire: using integrity checkers for intrusion detection. In: Purdue Technical Report CSD-TR-94-012; 1994.
Bertino E, Leggieri T, Terzi E. Securing DBMS: characterizing and detecting query floods. In: Proceedings of the 7th International Conference on Information Security; 2004. p. 195–206.
Huang Y, Fan W, Lee W, Yu P. Cross-feature analysis for detecting ad-hoc routing anomalies. In: Proceedings of the 23rd International Conference on Distributed Computing Systems; 2003.
Kruegel C, Mutz D, Robertson W, Valeur F. Bayesian event classification for intrusion detection. In: ACSAC; 2003.
Lane T, Brodley CE. Temporal sequence learning and data reduction for anomaly detection. ACM Trans Inf Syst Secur. 1999;2(3):295–331.
Lee W, Xiang D. Information-theoretic measures for anomaly detection. In: IEEE Symposium on Security and Privacy; 2001. p. 130–43.
Ramadas M, Ostermann S, Tjaden BC. Detecting anomalous network traffic with self-organizing maps. In: RAID; 2003. p. 36–54.
Tsai C-F, Hsu Y-F, Lin C-Y, Lin W-Y. Intrusion detection by machine learning: a review. Expert Syst Appl. 2009;36(10):11994–2000.
Sebring M, Shellhouse E, Hanna M, Whitehurst R. MIDAS: Multics intrusion detection and alerting system. Technical Report, National Computer Security Center, SRI International, Ft. Meade; 1998. p. 7.
Ilgun K, Kemmerer RA, Porras PA. State transition analysis: a rule-based intrusion detection approach. IEEE Trans Softw Eng. 1995;21(3):181–99.
Wu SX, Banzhaf W. The use of computational intelligence in intrusion detection systems: a review. Appl Soft Comput. 2010;10(1):1–35.
Zhou CV, Leckie C, Karunasekera S. A survey of coordinated attacks and collaborative intrusion detection. Comput Secur. 2010;29(1):124–40.
Wood M, Erlinger MA. Intrusion detection message exchange requirements. IETF Network Working Group. 2007. http://www.ietf.org/rfc/rfc4765.txt.
Dowell C, Ramstedt P. The computer watch data reduction tool. In: IEEE Symposium on Research in Security and Privacy; 1989.
Smaha SE. An intrusion detection system for the air force. In: Fourth Aerospace Computer Security Applications Conference; 1988.
Wang Y, Wang X, Xie B, Wang D, Agrawal DP. Intrusion detection in homogenous and heterogeneous wireless sensor networks. IEEE Trans Mob Comput. 2008;7(6).
© 2018 Springer Science+Business Media, LLC, part of Springer Nature
Cite this entry
Gradison, T., Terzi, E. (2018). Intrusion Detection Technology. In: Liu, L., Özsu, M.T. (eds) Encyclopedia of Database Systems. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-8265-9_209
DOI: https://doi.org/10.1007/978-1-4614-8265-9_209
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-8266-6
Online ISBN: 978-1-4614-8265-9