• DocumentCode
    1563717
  • Title

    A new paradigm for intrusion detection systems

  • Author

    Pressley, Tony

  • fYear
    2002
  • fDate
    6/24/1905 12:00:00 AM
  • Firstpage
    390
  • Abstract
    Summary form only given. The US Army Research Laboratory through its Information Assurance Center (IAC) seeks to evolve and continuously develop an IA capability that sets the Army and DoD standard for protecting computing and communications infrastructure from unauthorized access, illicit exploitation, component damage, and denial of service to authorized users. The IAC has two components, an operational computer emergency response team that monitors a major Department of Defense research network on a 27 × 7 basis, and a research component. Unlike many similar activities, the ARL computer emergency response team employs multiple network intrusion detection system tools to accomplish its mission, and serves as a testbed for IDS tools transitioning from universities and industry into the government and commercial sectors. The IAC's in-house research component is focused on architecture improvements to promote data fusion across sensors and time. Issues which the new architecture addresses include timeliness, archiving issues, and the incorporation of both signature and anomaly IDS tools into the architecture and the fusion of the information resulting from these different approaches. The IAC has a number of collaborations with industry and academia to promote IDS tools/methodologies focused on network surveillance, intrusion detection systems focused on advanced networking (OC12 and above), and the "insider threat".
  • Keywords
    computer networks; emergency services; military communication; military computing; military standards; safety systems; security of data; sensor fusion; telecommunication security; telecommunication standards; ARL computer emergency response team; Army standard; Department of Defense research network; DoD standard; IAC; IDS tools; IDS tools/methodologies; Information Assurance Center; OC12; US Army Research Laboratory; advanced networking; archiving; commercial sector; communications infrastructure; component damage; computer emergency response team; computing infrastructure; data fusion; denial of service; government sector; illicit exploitation; industry; insider threat; intrusion detection systems; network intrusion detection system tools; network surveillance; sensors; testbed; timeliness; unauthorized access protection; universities; Communication standards; Computer crime; Computer displays; Computer networks; Educational institutions; Intrusion detection; Military computing; Protection; Standards development; System testing;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Communications and Networks, 2002. Proceedings. Eleventh International Conference on
  • ISSN
    1095-2055
  • Print_ISBN
    0-7803-7553-X
  • Type

    conf

  • DOI
    10.1109/ICCCN.2002.1206523
  • Filename
    1206523