Intrusion Detection Systems Basics

Peng Ning, North Carolina State University

Sushil Jajodia, George Mason University

Introduction

Anomaly Detection

Statistical Models

Machine Learning and Data Mining Techniques

Computer Immunological Approaches

Specification-Based Methods

Information-Theoretic Measures

Limitation of Anomaly Detection

Misuse Detection

Rule-Based Languages

State Transition Analysis Toolkit

Colored Petri Automata

Automatically Built Misuse Detection Models

Abstraction-Based Intrusion Detection

Limitation of Misuse Detection

Intrusion Detection in Distributed Systems

Distributed Intrusion Detection Systems

Network-Based Intrusion Detection Systems

Sharing Information Among Intrusion Detection Systems

Intrusion Alert Correlation

Intrusion Alert Correlation Based on Prerequisites and Consequences of Attacks

Conclusion

Glossary

Cross References

References

INTRODUCTION

Intuitively, intrusions in an information system are the activities that violate the security policy of the system, and intrusion detection is the process used to identify intrusions. Intrusion detection has been studied for more than 20 years since Anderson's report (Anderson, 1980). It is based on the beliefs that an intruder's behavior will be noticeably different from that of a legitimate user and that many unauthorized actions will be detectable.

Intrusion detection systems (IDSs) are usually deployed along with other preventive security mechanisms, such as access control and authentication, as a second ...
