Title :
Experiences on Designing an Integral Intrusion Detection System
Author :
Penya, Yoseba K. ; Bringas, Pablo G.
Author_Institution :
S3Lab. Deusto Technol. Found. Bilbao, Basque
Abstract :
Network intrusion detection systems (NIDS) have the challenge to prevent network attacks and unauthorised remote use of computers. In order to achieve this goal, NIDS usually follow two different strategies. The first one aims at detecting forbidden usage of the network and the second one concentrates on finding illegitimate behaviour. The first methodology accomplishes its goal by defining all possible attacks and the second by modelling the normal usage to detect anything that does not fit on that muster; this difference has rendered both alternatives so far incompatible. In previous works we have presented ESIDE-Depian, the first inherently unified misuse and anomaly detector. This paper focuses on the problems and difficulties that arose in the integration process and the solutions designed to overcome them.
Keywords :
computer networks; security of data; ESIDE-Depian; anomaly detector; forbidden usage detection; illegitimate behaviour finding; integral intrusion detection system; network intrusion detection systems; Bayesian methods; Computer networks; Databases; Detectors; Expert systems; Internet; Intrusion detection; Protection; Telecommunication traffic; Traffic control; Anomaly Detection; Bayesian Networks; Data Mining; Intrusion Detection; Intrusion Prevention; Machine Learning; Misuse Detection;
Conference_Titel :
Database and Expert Systems Application, 2008. DEXA '08. 19th International Workshop on
Conference_Location :
Turin
Print_ISBN :
978-0-7695-3299-8
DOI :
10.1109/DEXA.2008.54
