Skip to main content
SpringerLink
Log in

A Novel Engine for Various Intrusion Detection Methods

  • Conference paper
Book cover Information Security and Privacy (ACISP 2000)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1841))

Included in the following conference series:

  • 514 Accesses

Abstract

In this paper, we describe a novel Sensor-Based Intrusion Detection Engine – SenIDS, which can process different security-related data types with various intrusion detection methods. With SenIDS, we can integrate the misuse intrusion detection method and anomaly intrusion detection method into a single structure and algorithm. SenIDS constructs a framework for intrusion detection, which includes sensors (a complex structure including a sub-program and fields representing desired event record source, the user and program activity, variable names and values, etc.) The sensor structure possesses greater ability to detect and handle a variety of complex intrusion scenarios. The intrusion detection rule consists of one or more sensors. Alarms in such rules can be triggered by various intrusion instances. Such processes on these sensors and rules are managed by a Trigger Engine automatically. The Trigger Engine can manage different kinds of sensors and rules for triggering. This enables SenIDS to integrate different intrusion detection methods.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Smaha, S.E.: HAYSTACK: An Intrusion Detection System. In: IEEE Fourth Aerospace Computer Security Applications Conference, Orlando, FL (December 1988)

    Google Scholar 

  2. Sebring, M.M., Shellhouse, E., Hanna, M.E., Whitehurst, R.A.: Expert System in Intrusion Detection: A Case Study. In: The 11th National Computer Security Conference, Baltimore, MD (October 1988)

    Google Scholar 

  3. Lane, T., Brodley, C.E.: Sequence Matching and Learning in Anomaly Detection for Computer Security. In: Proceedings of the AAAI-1997 Workshop on AI Approaches to Fraud Detection and Risk Management, pp. 43–49 (1997)

    Google Scholar 

  4. Ko, C., Ruschitzka, M., Levitt, K.: Execution Monitoring of Security-Critical Programs in Distributed Systems: A Specification-based Approach. In: Proceedings of the 1997 IEEE Symposium on Security and Privacy, pp. 134–144 (1997)

    Google Scholar 

  5. Lindqvist, U., Porras, P.A.: Detecting Computer and Network Misuse Through the Production-Based Expert System Toolset (P-BEST). In: Proceedings of the 1999 IEEE Symposium on Security and Privacy, Oakland, California (1999)

    Google Scholar 

  6. Mounji, A.: Language Tools for Rule-Based Distributed Intrusion Detection. PhD thesis, d’Informatique, Facultes Univsitaires Notre-Dame de la Paix, Namur, Belgium (September 1997)

    Google Scholar 

  7. Ilgun, K.: USTAT: A Real-Time Intrusion Detection System for UNIX. In: Proceedings of the 1993 IEEE Symposium on Security and Privacy, pp. 16–29 (1993)

    Google Scholar 

  8. Kumar, S.: Classification and Detection of Computer Intrusion. PhD thesis, Department of Computer Sciences, Purdue University, West Lafayette, Indiana (August 1995)

    Google Scholar 

  9. Bishop, M.: A Standard Audit Log Format. In: Proceedings of the 1995 National Information Systems Security Conference, Baltimore, Maryland, pp. 136–145 (October 1995)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Information Systems Research Lab, School of Electrical & Electronic Engineering, Nanyang Technological University, 639798, Singapore

    Zhu Hui & T. H. Daniel Tan

Authors
  1. Zhu Hui
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. T. H. Daniel Tan
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Information Security Research Centre, Queensland University of Technology, GPO Box 2434, 4000, Brisbane, Queensland, Australia

    E. P. Dawson , A. Clark  & Colin Boyd ,  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2000 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hui, Z., Tan, T.H.D. (2000). A Novel Engine for Various Intrusion Detection Methods. In: Dawson, E.P., Clark, A., Boyd, C. (eds) Information Security and Privacy. ACISP 2000. Lecture Notes in Computer Science, vol 1841. Springer, Berlin, Heidelberg. https://doi.org/10.1007/10718964_21

Download citation

  • DOI: https://doi.org/10.1007/10718964_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-67742-0

  • Online ISBN: 978-3-540-45030-6

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation