taxonomy of intrusion detection systems

Intrusion-detection systems aim at detecting attacks against computer systems and networks, or against information systems in general, because it is difficult to provide provably secure information systems and to maintain them in such a secure state for their entire lifetime and for every use. Sometimes, legacy or operational constraints do not even allow a fully secure information system to be realized at all. The task of intrusion-detection systems is therefore to monitor the usage of such systems and to detect the appearance of insecure states. They detect attempts, and active misuse, by legitimate users of the information systems or by external parties to abuse their privileges or to exploit security vulnerabilities. In this paper, we introduce a taxonomy of intrusion-detection systems that highlights the various aspects of this area. This taxonomy defines families of intrusion-detection systems according to their properties.

Since the seminal work by Denning in 1981 [10], many intrusion-detection prototypes have been created. Sobirey maintains a partial list of 59 of them [58]. Intrusion-detection systems have emerged in the field of computer security because of the difficulty of ensuring that an information system will be free of security flaws. Indeed, a taxonomy of security flaws by Landwehr et al. [36] shows that computer systems suffer from security vulnerabilities regardless of their purpose, manufacturer, or origin, and that it is both technically difficult and economically costly to build and maintain computer systems and networks that are not susceptible to attacks. This paper introduces a taxonomy of intrusion-detection systems at a time when commercial tools are increasingly becoming available. Our taxonomy draws examples from research prototypes as well as commercial products to illustrate the most prominent features of intrusion-detection systems.
The paper focuses on the TCP/IP/UNIX world, for which the largest number of prototypes and tools have been developed. However, many of these products are now also available for Windows NT, which has been more widely deployed in organizations and has been subjected to enhanced scrutiny by the security an