• DocumentCode
    1936136
  • Title

    Real-time intrusion detection

  • Author

    Lunt, T.F.

  • Author_Institution
    SRI Int., Menlo Park, CA, USA
  • fYear
    1989
  • fDate
    Feb. 27 1989-March 3 1989
  • Firstpage
    348
  • Lastpage
    353
  • Abstract
    A real-time intrusion-detection expert system (IDES) is described that observes user behavior on a monitored computer system and adaptively learns what is normal for individual users, groups, remote hosts, and the overall system behavior. Observed behavior is flagged as a potential intrusion if it deviates significantly from the expected behavior or if it triggers a rule in the expert-system rule base. It is shown that because IDES combines a statistical user profile approach with a rule-based expert system that characterizes intrusions, it has the potential to become a strong intrusion-detection system. The IDES prototype is capable of detecting anomalous behavior, as evidenced by preliminary experiments, in real time.
  • Keywords
    expert systems; real-time systems; safety systems; security of data; IDES; adaptive learning; anomalous behavior; expected behavior; groups; individual users; monitored computer system; normal; overall system behavior; real-time intrusion-detection expert system; remote hosts; rule base; statistical user profile; user behaviour observations; Computer science; Computer security; Computer viruses; Computerized monitoring; Data analysis; Data security; Expert systems; Intrusion detection; Laboratories; Real time systems;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    COMPCON Spring '89. Thirty-Fourth IEEE Computer Society International Conference: Intellectual Leverage, Digest of Papers.
  • Conference_Location
    San Francisco, CA, USA
  • Print_ISBN
    0-8186-1909-0
  • Type

    conf

  • DOI
    10.1109/CMPCON.1989.301954
  • Filename
    301954