Intrusion detection systems and multisensor data fusion

Most security professionals would agree that real-time ID systems are not yet advanced enough to detect sophisticated cyberattacks mounted by trained adversaries. For example, during the Langley cyberattack the ID systems failed to detect the large volumes of email bombs that crashed critical email servers. Coordinated probing from several international locations was observed as the attackers worked to learn the rules of the filter deployed to counter the mass email bombing [1]. At the other end of the technical spectrum, false alarms from ID systems are a persistent and pervasive problem. Many systems administrators have had an ID system report their normal work as hostile activity. Such false alarms cost organizations money when technical staff are denied access to computer systems or when security resources are misdirected to investigate events that are not intrusions. In addition, when a system is prone to false alarms, user confidence erodes, and a system that its operators distrust is poorly maintained and underused. ID systems that examine operating system audit trails or network traffic [3, 8], and similar detection systems, have not matured to the point where sophisticated attacks are reliably detected, verified, and assessed. Comprehensive and reliable systems are complex and the technological designs of these advanced
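The false-alarm problem described above has a quantitative core: when intrusions are rare, even a sensor with a low false-alarm rate produces mostly false alerts, and corroboration across independent sensors is one way to recover confidence. The Python below is an added illustration, not code from the original article; it applies Bayes' rule to a constructed intrusion base rate and constructed per-sensor detection and false-alarm rates (the sensor names and all numbers are assumptions), treating the sensors as conditionally independent.

```python
"""Base-rate effect on ID alerts and naive-Bayes fusion of independent sensors.

Added example; not from the original article. The sensor names, their rates
and the intrusion prior are constructed illustrative values, not measurements.
"""

# Constructed sensor models:
#   name -> (P(alert | intrusion), P(alert | benign activity))
SENSORS = {
    "host_audit": (0.90, 0.01),
    "network_monitor": (0.80, 0.02),
    "mail_server_log": (0.70, 0.005),
}


def posterior_intrusion(prior, observations, sensors=SENSORS):
    """Return P(intrusion | observations) under a conditional-independence
    (naive Bayes) assumption over the sensors.

    observations maps sensor name -> True (sensor alerted) or False (it did
    not alert). Sensors not mentioned are treated as unobserved.
    """
    if not 0.0 < prior < 1.0:
        raise ValueError("prior must lie strictly in (0, 1)")
    like_intrusion = prior          # P(intrusion) * prod P(obs_i | intrusion)
    like_benign = 1.0 - prior       # P(benign)    * prod P(obs_i | benign)
    for name, fired in observations.items():
        p_detect, p_false_alarm = sensors[name]
        like_intrusion *= p_detect if fired else (1.0 - p_detect)
        like_benign *= p_false_alarm if fired else (1.0 - p_false_alarm)
    return like_intrusion / (like_intrusion + like_benign)


def alerts_per_day(prior, events_per_day, sensor, sensors=SENSORS):
    """Expected (true alerts, false alerts) a single sensor raises over a
    day of events_per_day monitored events, of which a fraction `prior`
    are intrusions."""
    p_detect, p_false_alarm = sensors[sensor]
    intrusions = prior * events_per_day
    benign = events_per_day - intrusions
    return intrusions * p_detect, benign * p_false_alarm


if __name__ == "__main__":
    prior = 0.001  # constructed: one event in a thousand is an intrusion
    print("single host_audit alert:  P(intrusion) = %.3f"
          % posterior_intrusion(prior, {"host_audit": True}))
    print("host_audit + network:     P(intrusion) = %.3f"
          % posterior_intrusion(prior, {"host_audit": True,
                                        "network_monitor": True}))
    print("all three sensors alert:  P(intrusion) = %.3f"
          % posterior_intrusion(prior, {"host_audit": True,
                                        "network_monitor": True,
                                        "mail_server_log": True}))
    true_alerts, false_alerts = alerts_per_day(prior, 100_000, "host_audit")
    print("host_audit alone, 100k events/day: %.0f true, %.0f false alerts"
          % (true_alerts, false_alerts))
```

With these constructed numbers a lone alert from the 1%-false-alarm host sensor is a false alarm more than nine times out of ten, which is the operator experience the paragraph describes; requiring the network sensor to corroborate it raises the posterior to roughly 0.78, and all three agreeing to about 0.998. The independence assumption is the weak point in practice: sensors that watch the same traffic or share a rule base are correlated, and fusing them as if independent overstates the confidence gain.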

[1] B. Mukherjee et al., "A system for distributed intrusion detection," COMPCON Spring '91 Digest of Papers, 1991.

[2] P. K. Varshney et al., "Multisensor Data Fusion," IEA/AIE, 1997.

[3] J. Llinas et al., Multisensor Data Fusion, 1990.

[4] H. Javitz et al., "IDES: The Enhanced Prototype. A Real-Time Intrusion-Detection Expert System," 1988.

[5] D. S. Bauer et al., "NIDX: an expert system for real-time network intrusion detection," Proceedings, 1988 Computer Networking Symposium, 1988.

[6] B. Mukherjee et al., "A network security monitor," Proceedings, 1990 IEEE Computer Society Symposium on Research in Security and Privacy, 1990.

[7] P. K. Varshney et al., Distributed Detection and Data Fusion, 1996.

[8] E. L. Waltz et al., Information Warfare: Principles and Operations, 1998.

[9] T. Bass et al., "E-mail bombs and countermeasures: cyber attacks on availability and brand integrity," IEEE Network, 1998.

[10] J. F. McClary et al., "NADIR: An automated system for detecting network intrusion and misuse," Computers & Security, 1993.

[11] D. E. Denning, "An Intrusion-Detection Model," IEEE Transactions on Software Engineering, 1987.

[12] T. L. Heberlein et al., "Network intrusion detection," IEEE Network, 1994.

[13] D. L. Hall, Mathematical Techniques in Multisensor Data Fusion, 1992.