Abstract
In this paper, we describe a novel Sensor-Based Intrusion Detection Engine – SenIDS, which can process different security-related data types with various intrusion detection methods. With SenIDS, we can integrate the misuse intrusion detection method and anomaly intrusion detection method into a single structure and algorithm. SenIDS constructs a framework for intrusion detection, which includes sensors (a complex structure including a sub-program and fields representing desired event record source, the user and program activity, variable names and values, etc.) The sensor structure possesses greater ability to detect and handle a variety of complex intrusion scenarios. The intrusion detection rule consists of one or more sensors. Alarms in such rules can be triggered by various intrusion instances. Such processes on these sensors and rules are managed by a Trigger Engine automatically. The Trigger Engine can manage different kinds of sensors and rules for triggering. This enables SenIDS to integrate different intrusion detection methods.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Smaha, S.E.: HAYSTACK: An Intrusion Detection System. In: IEEE Fourth Aerospace Computer Security Applications Conference, Orlando, FL (December 1988)
Sebring, M.M., Shellhouse, E., Hanna, M.E., Whitehurst, R.A.: Expert System in Intrusion Detection: A Case Study. In: The 11th National Computer Security Conference, Baltimore, MD (October 1988)
Lane, T., Brodley, C.E.: Sequence Matching and Learning in Anomaly Detection for Computer Security. In: Proceedings of the AAAI-1997 Workshop on AI Approaches to Fraud Detection and Risk Management, pp. 43–49 (1997)
Ko, C., Ruschitzka, M., Levitt, K.: Execution Monitoring of Security-Critical Programs in Distributed Systems: A Specification-based Approach. In: Proceedings of the 1997 IEEE Symposium on Security and Privacy, pp. 134–144 (1997)
Lindqvist, U., Porras, P.A.: Detecting Computer and Network Misuse Through the Production-Based Expert System Toolset (P-BEST). In: Proceedings of the 1999 IEEE Symposium on Security and Privacy, Oakland, California (1999)
Mounji, A.: Language Tools for Rule-Based Distributed Intrusion Detection. PhD thesis, d’Informatique, Facultes Univsitaires Notre-Dame de la Paix, Namur, Belgium (September 1997)
Ilgun, K.: USTAT: A Real-Time Intrusion Detection System for UNIX. In: Proceedings of the 1993 IEEE Symposium on Security and Privacy, pp. 16–29 (1993)
Kumar, S.: Classification and Detection of Computer Intrusion. PhD thesis, Department of Computer Sciences, Purdue University, West Lafayette, Indiana (August 1995)
Bishop, M.: A Standard Audit Log Format. In: Proceedings of the 1995 National Information Systems Security Conference, Baltimore, Maryland, pp. 136–145 (October 1995)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hui, Z., Tan, T.H.D. (2000). A Novel Engine for Various Intrusion Detection Methods. In: Dawson, E.P., Clark, A., Boyd, C. (eds) Information Security and Privacy. ACISP 2000. Lecture Notes in Computer Science, vol 1841. Springer, Berlin, Heidelberg. https://doi.org/10.1007/10718964_21
Download citation
DOI: https://doi.org/10.1007/10718964_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-67742-0
Online ISBN: 978-3-540-45030-6
eBook Packages: Springer Book Archive