Skip to main content Accessibility help

We use cookies to distinguish you from other users and to provide you with a better experience on our websites. Close this message to accept cookies or find out how to manage your cookie settings.

Close cookie message
×
Hostname: page-component-76fb5796d-x4r87 Total loading time: 0 Render date: 2024-04-25T14:03:36.171Z Has data issue: false hasContentIssue false

11 - Intrusion detection systems

from IV - Protecting enterprises

Published online by Cambridge University Press:  11 September 2009

Mohammad Obaidat  and
Noureddine Boudriga
Mohammad Obaidat
Affiliation:
Monmouth University, New Jersey
Noureddine Boudriga
Affiliation:
Université du 7 Novembre à Carthage, Tunis
Get access

Summary

Intrusion detection systems analyze an e-based computer and network system and user operations in search of activity considered undesirable from a security point of view. Because of the complicated structures of attacks, data sources for intrusion detection may include audit information, network traffic, application logs or data collected from file system alteration monitors. Generated alerts are correlated in order to reduce the number of false alarms, detect efficiently multi-action attacks, and propose responses to intrusions.

Introduction

Intrusion detection is the process designed to monitor, analyze, and correlate the information events that occur in a network or a computer system, in order to detect malicious computer and network activities, find signs of intrusions and trigger (or propose) immediate responses to protect the system under monitoring. An intrusion is defined as an attempt to compromise the confidentiality, integrity, availability of a system or to go around the security mechanisms of the system. An intrusion is performed by an adversary accessing the system remotely, an authorized user trying to gain additional privileges that they are not allowed to have, or an authorized user misusing the privilege he is granted. Intrusion detection allows enterprises to defend their information systems against threats.

Although the current intrusion detection technologies cannot provide a complete protection against attacks, it enhances protection capabilities of enterprises and completes the myriad of security solutions. Intrusion detection products, however, are different from other security products.

Type
Chapter
Information
Security of e-Systems and Computer Networks , pp. 249 - 273
Publisher: Cambridge University Press
Print publication year: 2007

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

Anttila, J. (2004). Intrusion detection in critical e-business environment. Master Thesis, University of Helsinki.Google Scholar
Cuppens, F., Autrel, F., Miege, Al., and Benfarhat, S. (2002a). Correlation in an intrusion detection process. SECI02, France.Google Scholar
Cuppens, F., Autrel, F., Miege, A., and Benferhat, S. (2002b). Recognizing malicious intention in an intrusion detection process, Proceedings of Soft Computing Systems – Design, Management and Applications, HIS 2002, December 1–4 2002; Frontiers in Artificial Intelligence and Applications, Vol. 87, 806–17.Google Scholar
Curry, D. and H. Debar (2003). Intrusion detection message exchange format: Extensible Markup Language (XML) document type definition. draft-ietf-idwg-idmef-xml-10.txt.
Haines, J., Ryder, D. K., Tinnel, L., and Taylor, S. (2003). Validation of sensor alert correlators. IEEE Security & Privacy Magazine, 1(1), 45–56.Google Scholar
Information Security Committee (2001). PKI Assessement Guidelines.
Kruegel, C., Valeurm, F., and Vigna, G. (2002). Stateful intrusion detection for high-speed networks. 2002 IEEE Symposium on Security and Privacy, Berkeley, California, May 2002, pp. 266–274.Google Scholar
McAlemey, J., Colt, C., and Staniford, S. (2001). Towards faster string matching for intrusion detection or exceeding the speed of snort, DARPA Information survivability conference and exposition, Anaheim, California, June 2001, pp. 367–373.Google Scholar
Ning, P., Cui, Y., and Reeves, D. S. (2002). Constructing attack scenarios through correlation of intrusion alerts. In Proceedings of the ACM Conference on Computer and Communication Security, Washington DC, Nov. 2002, ACM, pp. 245–54.Google Scholar
Pennington, A. G., Strunk, J. D., Griffin, J. L., Soules, C. A. N., Goodson, G. R., and Ganger, G. R. (2003). Storage-based intrusion detection: watching storage activity for suspicious behavior. Usenix Security Symposium, Washington, August 2003.Google Scholar
Porras, P. A. and Valdes, A. (1998). Live traffic analysis of TCP/IP gateways. Proceedings of the 1998 ISOC symposium on Network and Distributed System Security (NDSS'98), San Diego, CA.Google Scholar
Naga, Raju P. (2005). State-of-the-art intrusion detection: technologies, challenges, and evaluation. Master Thesis, University of Helsinki.Google Scholar
Shankar, M., Rao, N., and Batsell, S. (2003). Fusing intrusion data for detection and containment, Milcon 2003, IEEE military communication conference, Vol. 22, No 1, 741–8.Google Scholar
Undercoffer, J., Joshi, A., and Pinkston, J. (2003). Modeling computer attacks: an ontotlogy for intrusion detection. 6th International Symposium on Recent Advances in Intrusion Detection.CrossRefGoogle Scholar
Zamboni, D. (2001). Using internal sensors for computer intrusion detection. PhD Thesis, TR CERIAS TR 2001–42, Purdue University.

Save book to Kindle

To save this book to your Kindle, first ensure coreplatform@cambridge.org is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about saving to your Kindle.

Note you can select to save to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be saved to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

Find out more about the Kindle Personal Document Service.

Available formats
×

Save book to Dropbox

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Dropbox.

Available formats
×

Save book to Google Drive

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Google Drive.

Available formats
×