Title :
The SRI IDES statistical anomaly detector
Author :
Javitz, Harold S. ; Valdes, Alfonso
Author_Institution :
SRI Int., Menlo Park, CA, USA
Abstract :
SRI International's real-time intrusion-detection expert system (IDES) contains a statistical subsystem that observes behavior on a monitored computer system and adaptively learns what is normal for individual users and groups of users. The statistical subsystem also monitors observed behavior and identifies behavior as a potential intrusion (or misuse by authorized users) if it deviates significantly from expected behavior. The multivariate methods used to profile normal behavior and identify deviations from expected behavior are explained in detail. The statistical test for abnormality contains a number of parameters that must be initialized, and the substantive issues relating to setting those parameter values are discussed.
Keywords :
adaptive systems; expert systems; learning systems; real-time systems; security of data; IDES; SRI; adaptively learns; authorized users; monitored computer system; real-time intrusion-detection expert system; statistical anomaly detector; Aging; Computerized monitoring; Condition monitoring; Detectors; Expert systems; Frequency; Intrusion detection; Real time systems; Statistics; System testing;
Conference_Title :
Research in Security and Privacy, 1991. Proceedings., 1991 IEEE Computer Society Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-2168-0
DOI :
10.1109/RISP.1991.130799