Intrusion detection: Approach and performance issues of the SECURENET system

The first aim of this paper is to compare the generic characteristics of the detection-by-appearance and detection-by-behaviour models for malicious software intrusion detection, and thus to discuss the efficiency of intrusion detection systems based on AI technologies. We introduce the SECURENET system, an experimental intelligent intrusion detection system, which incorporates the use of expert systems, neural networks, and intent specification languages. The second goal is to present the basis of a reaction-time delay analysis for SECURENET in a typical WAN environment. Together with the proportion of attacks detected, reaction time is one of the main efficiency criteria of an intrusion detection system.
