Title :
Watcher: the missing piece of the security puzzle
Author :
Munson, John C. ; Wimer, Scott
Author_Institution :
Dept. of Comput. Sci., Idaho Univ., Moscow, ID, USA
Abstract :
Modern intrusion detection systems are comprised of three basically different approaches: host based, network based, and a third relatively recent addition called procedural based detection. The first two have been extremely popular in the commercial market for a number of years now because they are relatively simple to use, understand and maintain. However, they fall prey to a number of shortcomings such as scaling with increased traffic requirements, use of complex and false positive prone signature databases, and their inability to detect novel intrusive attempts. The procedural based intrusion detection systems represent a great leap forward over current security technologies by addressing these and other concerns. This paper presents an overview of our work in creating a true procedural Disallowed Operational Anomaly (DOA) system.
Keywords :
authorisation; security of data; system monitoring; DOA system; Internet; false positive prone signature databases; host based detection; intrusion detection systems; network based detection; novel intrusive attempts; procedural based detection; procedural disallowed operational anomaly system; scaling; software design methodologies; traffic requirements; Computer science; Computer security; Hardware; Information security; Internet; Intrusion detection; Monitoring; Operating systems; Radio access networks; Software systems;
Conference_Title :
Computer Security Applications Conference, 2001. ACSAC 2001. Proceedings 17th Annual
Print_ISBN :
0-7695-1405-7
DOI :
10.1109/ACSAC.2001.991539