A Real-Time Intrusion Detection Expert System (IDES)-Final Report

SRI International has designed and developed a real-time intrusion-detection expert system (IDES). IDES is a stand-alone system that observes user behavior on one or more monitored computer systems and flags suspicious events. IDES monitors the activities of individual users, groups, remote hosts and entire systems, and detects suspected security violations, by both insiders and outsiders, as they occur. IDES adaptively learns users’ behavior patterns over time and detects behavior that deviates from these patterns. IDES also has a rule-based component that can be used to encode information about known system vulnerabilities and intrusion scenarios. Integrating the two approaches makes IDES a comprehensive system for detecting intrusions as well as misuse by authorized users. IDES has been enhanced to run under GLU, a platform supporting distributed, parallel computation; GLU enhances configuration flexibility and system fault tolerance. This final report is a deliverable item for work supported by the U.S. Navy, SPAWAR, which funded SRI through U.S. Government Contract No. N00039-89-C-0050.
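The abstract describes two cooperating detectors: a per-user profile that is learned adaptively and flags deviations, and a rule base encoding known misuse scenarios. The following added example (not SRI's IDES code) shows one minimal way to combine the two over constructed audit records; the measure profiled (hour of activity), the decay factor, the privileged-command rule and the thresholds are all assumptions made for illustration.

```python
# Added example (not SRI's IDES code): an adaptive statistical profile per user plus
# a small rule base over constructed audit records; measure, decay and rule are assumed.
from dataclasses import dataclass
from math import sqrt

@dataclass
class Profile:
    """Exponentially weighted mean/variance: recent behaviour outweighs old."""
    mean: float = 0.0
    var: float = 0.0
    n: int = 0
    decay: float = 0.9    # assumption: weight kept on historical behaviour
    min_sd: float = 0.5   # assumption: floor so a very regular user is not over-alerted
    def score(self, x):
        # deviation from the learned profile, in standard deviations
        return abs(x - self.mean) / max(sqrt(self.var), self.min_sd)
    def update(self, x):
        if self.n == 0:
            self.mean = x
        else:
            delta = x - self.mean
            self.mean = self.decay * self.mean + (1 - self.decay) * x
            self.var = self.decay * (self.var + (1 - self.decay) * delta * delta)
        self.n += 1

PRIVILEGED = {"shutdown", "adduser"}   # assumption: commands reserved for admins

def rule_privileged_cmd(rec):
    """Rule-based component: one assumed misuse scenario encoded as a rule."""
    if rec["cmd"] in PRIVILEGED and not rec["admin"]:
        return f"{rec['user']} ran privileged command {rec['cmd']}"

class Detector:
    def __init__(self, threshold=3.0, warmup=5, rules=(rule_privileged_cmd,)):
        self.profiles, self.threshold, self.warmup, self.rules = {}, threshold, warmup, rules

    def process(self, rec):
        """Alerts for one audit record; the record is then folded into the profile."""
        alerts = [("rule", m) for m in (r(rec) for r in self.rules) if m]
        p = self.profiles.setdefault(rec["user"], Profile())
        if p.n >= self.warmup and p.score(rec["hour"]) > self.threshold:
            alerts.append(("anomaly", f"{rec['user']} active at hour {rec['hour']}"))
        p.update(rec["hour"])   # adaptive learning: the profile keeps moving
        return alerts

def demo():
    recs = [{"user": "alice", "hour": h, "cmd": "ls", "admin": False}
            for h in (9, 9, 10, 9, 10, 9, 10)]          # constructed: regular daytime use
    recs += [{"user": "alice", "hour": 3, "cmd": "ls", "admin": False},       # off-hours
             {"user": "alice", "hour": 9, "cmd": "adduser", "admin": False}]  # rule hit
    det = Detector()
    return [a for rec in recs for a in det.process(rec)]
```

Because the profile keeps updating after each record, the off-hours login also widens alice's variance, so a repeat at hour 3 would score lower; a deployment would tune the decay and warm-up to trade adaptivity against an attacker slowly training the profile.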
