A system for distributed intrusion detection

Snapp, S R; Brentano, J; Dias, G V; Goan, T L; Heberlein, L T; Ho, Che-Lin; Levitt, K N; Mukherjee, B; Grance, T; Mansur, D L; Pon, K L; Smaha, S E

Title: A system for distributed intrusion detection

Conference · Tue Jan 01 00:00:00 EST 1991

OSTI ID:6274833

Snapp, S R; Brentano, J; Dias, G V; Goan, T L; Heberlein, L T; Ho, Che-Lin; Levitt, K N; Mukherjee, B ^[1]; Grance, T ^[2]; Mansur, D L; Pon, K L ^[3]; Smaha, S E ^[4]

California Univ., Davis, CA (USA). Div. of Computer Science
Air Force Cryptologic Support Center, San Antonio, TX (USA)
Lawrence Livermore National Lab., CA (USA)
Haystack Labs., Inc., Austin, TX (USA)

The study of providing security in computer networks is a rapidly growing area of interest because the network is the medium over which most attacks or intrusions on computer systems are launched. One approach to solving this problem is the intrusion-detection concept, whose basic premise is that not only abandoning the existing and huge infrastructure of possibly-insecure computer and network systems is impossible, but also replacing them by totally-secure systems may not be feasible or cost effective. Previous work on intrusion-detection systems were performed on stand-alone hosts and on a broadcast local area network (LAN) environment. The focus of our present research is to extend our network intrusion-detection concept from the LAN environment to arbitarily wider areas with the network topology being arbitrary as well. The generalized distributed environment is heterogeneous, i.e., the network nodes can be hosts or servers from different vendors, or some of them could be LAN managers, like our previous work, a network security monitor (NSM), as well. The proposed architecture for this distributed intrusion-detection system consists of the following components: a host manager in each host; a LAN manager for monitoring each LAN in the system; and a central manager which is placed at a single secure location and which receives reports from various host and LAN managers to process these reports, correlate them, and detect intrusions. 11 refs., 2 figs.

View Conference

Cite

Export

Save

Research Organization:: Lawrence Livermore National Lab., CA (USA)

Sponsoring Organization:: DOE/DP

DOE Contract Number:: W-7405-ENG-48

OSTI ID:: 6274833

Report Number(s):: UCRL-JC-105793; CONF-910263-6; ON: DE91007634

Resource Relation:: Conference: COMPCON '91, San Francisco, CA (USA), 25 Feb - 1 Mar 1991

Country of Publication:: United States

Language:: English

Similar Records

Verifying the secure setup of Unix client/servers and detection of network intrusion

Conference · Sat Jul 01 00:00:00 EDT 1995 · OSTI ID:6274833

Feingold, R; Bruestle, H R; Bartoletti, T; +2 more

A network security monitor

Technical Report · Wed Nov 01 00:00:00 EST 1989 · OSTI ID:6274833

Heberlein, L T; Dias, G V; Levitt, K N; +3 more

Analysis of an algorithm for distributed recognition and accountability

Conference · Sun Aug 01 00:00:00 EDT 1993 · OSTI ID:6274833

Ko, C; Frincke, D A; Goan, T Jr; +4 more

Related Subjects

99 GENERAL AND MISCELLANEOUS//MATHEMATICS, COMPUTING, AND INFORMATION SCIENCE
COMPUTER NETWORKS
INTRUSION DETECTION SYSTEMS
COMPUTER ARCHITECTURE
DESIGN
EXPERT SYSTEMS
SECURITY
ALARM SYSTEMS
990200* - Mathematics & Computers

Title: A system for distributed intrusion detection

Citation Formats

Similar Records

Related Subjects