Title :
Haystack: an intrusion detection system
Author :
Smaha, Stephen E.
Author_Institution :
Tracor Appl Sci. Inc., Austin, TX, USA
Abstract :
Haystack is a prototype system for the detection of intrusions in multiuser US Air Force computer systems. Haystack reduces voluminous system audit trails to short summaries of user behavior, anomalous events, and security incidents. This is designed to help the system security officer detect and investigate intrusions, particularly by insiders (authorized users). Haystacks´s operation is based on behavioral constraints imposed by security policies and on models of typical behavior for user groups and individual users
Keywords :
aerospace computing; human factors; multi-access systems; safety systems; security of data; Haystack; anomalous events; authorized users; behavioral constraints; individual users; intrusion detection system; multiuser US Air Force computer systems; prototype system; security incidents; security policies; system security officer; typical behavior; user behavior; user groups; voluminous system audit trails; Access control; Computer crime; Computer security; Government; Information security; Intrusion detection; Military computing; National security; Standards development; US Department of Defense;
Conference_Titel :
Aerospace Computer Security Applications Conference, 1988., Fourth
Conference_Location :
Orlando, FL
Print_ISBN :
0-8186-0895-1
DOI :
10.1109/ACSAC.1988.113412
