A survey of intrusion detection techniques

Published: 01 June 1993

Abstract

Today's computer systems are vulnerable both to abuse by insiders and to penetration by outsiders, as evidenced by the growing number of incidents reported in the press. To close all security loopholes from today's systems is infeasible, and no combination of technologies can prevent legitimate users from abusing their authority in a system; thus auditing is viewed as the last line of defense. Over the past several years, the computer security community has been developing automated tools to analyze computer system audit data for suspicious user behavior. This paper describes the use of such tools for detecting computer system intrusion and describes further technologies that may be of use for intrusion detection in the future.

Published In

Computers and Security, Volume 12, Issue 4
June 1993
98 pages
ISSN: 0167-4048
Editor: John Meyer

Publisher

Elsevier Advanced Technology Publications

United Kingdom

Cited By

  • (2024) Explosive Cyber Security Threats During COVID-19 Pandemic and a Novel Tree-Based Broad Learning System to Overcome. IEEE Transactions on Intelligent Transportation Systems 25:1 (786-795). doi:10.1109/TITS.2022.3160182. Online publication date: 1-Jan-2024
  • (2023) Intrusion Detection System Based on Adversarial Domain Adaptation Algorithm. Green, Pervasive, and Cloud Computing (223-237). doi:10.1007/978-981-99-9893-7_17. Online publication date: 23-Sep-2023
  • (2021) Optimal configuration of intrusion detection systems. Information Technology and Management 22:4 (231-244). doi:10.1007/s10799-020-00319-z. Online publication date: 1-Dec-2021
  • (2021) Network intrusion detection system. Transactions on Emerging Telecommunications Technologies 32:1. doi:10.1002/ett.4150. Online publication date: 13-Jan-2021
  • (2019) Detecting Intruders by User File Access Patterns. Network and System Security (320-335). doi:10.1007/978-3-030-36938-5_19. Online publication date: 15-Dec-2019
  • (2018) Hybrid adversarial defense. Journal of Computer Security 26:5 (615-645). doi:10.3233/JCS-171094. Online publication date: 1-Jan-2018
  • (2018) A Systematic Mapping Study on Intrusion Alert Analysis in Intrusion Detection Systems. ACM Computing Surveys 51:3 (1-41). doi:10.1145/3184898. Online publication date: 22-Jun-2018
  • (2018) Adversarial Examples Against the Deep Learning Based Network Intrusion Detection Systems. MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM) (559-564). doi:10.1109/MILCOM.2018.8599759. Online publication date: 29-Oct-2018
  • (2017) A framework for agent-based intrusion detection in wireless sensor networks. Proceedings of the Second International Conference on Internet of things, Data and Cloud Computing (1-7). doi:10.1145/3018896.3056805. Online publication date: 22-Mar-2017
  • (2017) A Game-Theoretic Analysis of Adversarial Classification. IEEE Transactions on Information Forensics and Security 12:12 (3094-3109). doi:10.1109/TIFS.2017.2718494. Online publication date: 25-Sep-2017
