Operator-Centric and Adaptive Intrusion Detection
Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
2008 (English) Conference paper (Refereed)
Abstract [en]

An intrusion detection system should support the operator of the system. Thus, in addition to producing alerts, it should allow for easy insertion of new detection algorithms. It should also support dynamic selection and de-selection of detection algorithms, and it should adjust its resource consumption to the current need. Such a system would allow the operator to easily extend the system when new detection algorithms become available. It would also allow the operator to maintain a low-cost monitoring baseline and perform more extensive monitoring when it is required. In this paper we propose an architecture for intrusion detection which aims at providing the operator with this support. The architecture uses a modular design to promote a high degree of flexibility. This supports creation of an environment in which state-of-the-art intrusion detection algorithms easily can be inserted. The modular design also allows for detection algorithms to be enabled and disabled when required. Additionally, the architecture uses a sensor reconfiguration mechanism to affect the amount of data collected. When a detection algorithm is enabled or disabled, the sensor providing the input data to the algorithm is correspondingly reconfigured. This implies a minimum of excess collected data. To illustrate the feasibility of the architecture, we provide a proof-of-concept supporting monitoring of users for insider detection and webserver monitoring for intrusion attempts.

Place, publisher, year, edition, pages
Naples, Italy: IEEE, 2008.
National Category
Computer Science
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-22124
OAI: oai:DiVA.org:kau-22124
DiVA: diva2:595800
Conference
Proceedings of the 4th International Conference on Information Assurance and Security (IAS 2008)
Available from: 2013-01-21 Created: 2013-01-21 Last updated: 2013-01-21

Open Access in DiVA

No full text

Other links

http://ieeexplore.ieee.org/xpls/abs_all.jsp?isnumber=4627043&arnumber=4627079&count=68&index=35

Search in DiVA

By author/editor
Lindskog, Stefan
By organisation
Department of Computer Science
Centre for HumanIT
Computer Science
