Cooperating security managers: a peer-based intrusion detection system

The need for increased security measures in computer systems and networks is apparent through the frequent media accounts of computer system and network intrusions. One attempt at increasing security measures is in the area of intrusion detection packages. These packages use a variety of means to detect intrusive activities and have been applied to both individual computer systems and networks. Cooperating security managers (CSM) is one such package. Applied to a network, CSM is designed to perform intrusion detection and reporting functions in a distributed environment without requiring a designated central site or server to perform the analysis of network audit data. In addition, it is designed to handle intrusions as opposed to simply detecting and reporting on them, resulting in a comprehensive approach to individual system and network intrusions. Tests of the initial prototype have shown the cooperative methodology to perform favourably.
