Intrusion and intrusion detection

Authors: John McHugh

Affiliation: CERT® Coordination Center, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA 15213-3890, USA. E-mail: jmchugh@cert.org

Abstract: Assurance technologies for computer security have failed to have significant impacts in the marketplace, with the result that
most of the computers connected to the internet are vulnerable to attack. This paper looks at the problem of malicious users
from both a historical and practical standpoint. It traces the history of intrusion and intrusion detection from the early
1970s to the present day, beginning with a historical overview. The paper describes the two primary intrusion detection techniques,
anomaly detection and signature-based misuse detection, in some detail and describes a number of contemporary research and
commercial intrusion detection systems. It ends with a brief discussion of the problems associated with evaluating intrusion
detection systems and a discussion of the difficulties associated with making further progress in the field. With respect
to the latter, it notes that, like many fields, intrusion detection has been based on a combination of intuition and brute-force
techniques. We suspect that these have carried the field as far as they can and that further significant progress will depend
on the development of an underlying theoretical basis for the field.

Published online: 27 July 2001

Keywords: Computer misuse – Intrusion detection – Intrusive anomalies – Intrusion signatures – Intrusion detection systems (IDS) – IDS evaluation

This article has been indexed by SpringerLink and other databases.