Multisensor Data Fusion for Next Generation Distributed Intrusion Detection Systems

Tim Bass, ERIM International & Silk Road, Ann Arbor, MI 48113

Abstract: Next generation cyberspace intrusion detection systems will fuse data from heterogeneous distributed network sensors to create cyberspace situational awareness. This paper provides a few first steps toward developing the engineering requirements, using the art and science of multisensor data fusion as the underlying model. Current generation Internet-based intrusion detection systems and basic multisensor data fusion constructs are summarized. The TCP/IP model is used to develop framework sensor and database models. The SNMP ASN.1 MIB construct is recommended for the representation of context-dependent threat and vulnerability databases.
