DocumentCode :
1635744
Title :
NIDX-an expert system for real-time network intrusion detection
Author :
Bauer, David S. ; Koblentz, Michael E.
Author_Institution :
Bell Commun. Res. Inc., Piscataway, NJ, USA
fYear :
1988
Firstpage :
98
Lastpage :
106
Abstract :
A knowledge-based prototype network intrusion detection expert system (NIDX) for the Unix System V environment is described. NIDX combines knowledge describing the target system, history profiles of users' past activities, and intrusion detection heuristics from a knowledge-based system capable of detecting specific violations that occur on the target system. Intrusions are detected by classifying user activity from a real-time audit trail of Unix system calls and then, using system-specific knowledge and heuristics about typical intrusions and attack techniques, determining whether or not the activity is an intrusion. The authors describe the NIDX knowledge base, and Unix system audit trail mechanism and history profiles, and demonstrate the knowledge-based intrusion detection process.
Keywords :
computer networks; data communication systems; expert systems; operating systems (computers); real-time systems; security of data; NIDX; Unix System V environment; Unix system calls; attack techniques; heuristics; history profiles; knowledge-based prototype; real-time audit trail; real-time network intrusion detection; system-specific knowledge; user activity; Communication system control; Communication system security; Data security; Expert systems; History; Intrusion detection; Knowledge based systems; Operating systems; Prototypes; Real time systems;
fLanguage :
English
Publisher :
IEEE
Conference_Title :
Computer Networking Symposium, 1988., Proceedings of the
Conference_Location :
Washington, DC, USA
Print_ISBN :
0-8186-0835-8
Type :
conf
DOI :
10.1109/CNS.1988.4983
Filename :
4983