Computer System Intrusion Detection: A Survey

The ability to detect intruders in computer systems increases in importance as computers are increasingly integrated into the systems that we rely on for the correct functioning of society. This paper reviews the history of research in intrusion detection as performed in software in the context of operating systems for a single computer, a distributed system, or a network of computers. There are two basic approaches: anomaly detection and misuse detection. Both have been practiced since the 1980s. Both have naturally scaled to use in distributed systems and networks.
