TY - JOUR
T1 - Defense-in-depth adaptive intrusion detection system
AU - Wang, Wei
AU - Chen, Xiuzhen
AU - Guan, Xiaohong
AU - Zhang, Xiangliang
N1 - Generated from Scopus record by KAUST IRTS on 2023-09-20
PY - 2005/4/1
Y1 - 2005/4/1
N2 - Aiming at detecting intrusions across the board and at improving detection accuracy, a novel model of a defense-in-depth adaptive intrusion detection system (IDS) is presented. In this model, the behaviors in a computer system are monitored according to the general order of the impact of attacks and are divided into three layers: network behaviors, user behaviors and system behaviors. Various methods are then applied to process the data streams from network packets, keystrokes, audit trails, command sequences, the file system and system calls obtained in the three layers for intrusion detection. The monitoring decision on intrusion is made by combining the six individual inferences using an information fusion technique. Based on the risk assessment method proposed in this paper, an efficient adaptive policy is also drawn for the IDS to reduce the expense of system resources. The model is tested and the results show that it is effective at detecting intrusions and at balancing system security and performance adaptively and dynamically. The model is also promising in terms of detection accuracy, system resource requirements and practical implementation.
AB - Aiming at detecting intrusions across the board and at improving detection accuracy, a novel model of a defense-in-depth adaptive intrusion detection system (IDS) is presented. In this model, the behaviors in a computer system are monitored according to the general order of the impact of attacks and are divided into three layers: network behaviors, user behaviors and system behaviors. Various methods are then applied to process the data streams from network packets, keystrokes, audit trails, command sequences, the file system and system calls obtained in the three layers for intrusion detection. The monitoring decision on intrusion is made by combining the six individual inferences using an information fusion technique. Based on the risk assessment method proposed in this paper, an efficient adaptive policy is also drawn for the IDS to reduce the expense of system resources. The model is tested and the results show that it is effective at detecting intrusions and at balancing system security and performance adaptively and dynamically. The model is also promising in terms of detection accuracy, system resource requirements and practical implementation.
UR - http://www.scopus.com/inward/record.url?scp=18744391377&partnerID=8YFLogxK
M3 - Article
SN - 0253-987X
VL - 39
JO - Hsi-An Chiao Tung Ta Hsueh/Journal of Xi'an Jiaotong University
JF - Hsi-An Chiao Tung Ta Hsueh/Journal of Xi'an Jiaotong University
IS - 4
ER -