Designing and implementing a family of intrusion detection systems

Intrusion detection systems are distributed applications that analyze the events in a networked system to identify malicious behavior. The analysis is performed using a number of attack models (or signatures) that are matched against a specific event stream. Intrusion detection systems may operate in heterogeneous environments, analyzing different types of event streams. Currently, intrusion detection systems and the corresponding attack modeling languages are developed following an ad hoc approach to match the characteristics of specific target environments. As the number of systems that have to be protected increases, this approach results in increased development effort. To overcome this limitation, we developed a framework, called STAT, that supports the development of new intrusion detection functionality in a modular fashion. The STAT framework can be extended following a well-defined process to implement intrusion detection systems tailored to specific environments, platf...
Richard A. Kemmerer
Added 25 Jun 2010
Updated 25 Jun 2010
Type Conference
Year 2005
Where KBSE
Authors Richard A. Kemmerer