Defense-in-depth adaptive intrusion detection system

Wei Wang, Xiuzhen Chen, Xiaohong Guan*, Xiangliang Zhang

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

1 Scopus citations

Abstract

To detect intrusions across the board and to improve detection accuracy, a novel model of a defense-in-depth adaptive intrusion detection system (IDS) is presented. In this model, the behaviors in a computer system are monitored in the general order in which an attack makes its impact and are divided into three layers: network behaviors, user behaviors and system behaviors. Various methods are then applied to process the data streams obtained in the three layers, namely network packets, keystrokes, audit trails, command sequences, file system activity and system calls, for intrusion detection. The final decision on whether an intrusion is taking place is made by combining the six individual inferences with an information fusion technique. Based on the risk assessment method proposed in the paper, an efficient adaptive policy is also derived so that the IDS can reduce its consumption of system resources. The model was tested, and the results show that it is effective at detecting intrusions and at balancing system security against performance adaptively and dynamically. The model is also promising in terms of detection accuracy, system resource requirements and practical implementation.
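The abstract names three layers, six data streams, a fusion step over six individual inferences and a risk-driven policy that trades monitoring cost against security, but it does not give the fusion rule, the risk formula or the policy thresholds. The following Python sketch is an added illustration of that architecture and is not code from the paper: the naive-Bayes log-odds fusion, the per-stream reliability and cost figures, the risk thresholds and the four-round attack scenario are all assumptions chosen to show how switching expensive monitors on only as risk rises can still converge on a confident verdict.

```python
"""Layered detector fusion with a risk-driven adaptive monitoring policy.

Added illustration only: the fusion rule (naive-Bayes log-odds), the
reliability numbers, stream costs and risk thresholds are all assumptions,
not values from the paper.
"""
from __future__ import annotations

import math

# The six data streams named in the abstract, grouped into its three layers,
# with an assumed per-stream monitoring cost (system-call tracing is dearest).
STREAMS = {
    "network_packets":   ("network", 1.0),
    "keystrokes":        ("user",    0.5),
    "command_sequences": ("user",    0.5),
    "audit_trails":      ("system",  2.0),
    "file_system":       ("system",  2.0),
    "system_calls":      ("system",  4.0),
}

# Assumed detector reliability per stream: (P(alert | intrusion), P(alert | benign)).
RELIABILITY = {
    "network_packets":   (0.80, 0.10),
    "keystrokes":        (0.60, 0.20),
    "command_sequences": (0.70, 0.15),
    "audit_trails":      (0.85, 0.05),
    "file_system":       (0.75, 0.10),
    "system_calls":      (0.90, 0.05),
}

# Layers are enabled in the abstract's order of attack impact.
LAYER_ORDER = ["network", "user", "system"]
RISK_FLOOR, RISK_CEIL = 0.01, 0.99


def fuse(alerts: dict[str, bool], prior: float) -> float:
    """Fuse individual detector verdicts into a posterior intrusion probability.

    Naive-Bayes log-odds combination (assumed fusion rule). A stream whose
    monitor is switched off is simply absent from `alerts` and adds no
    evidence, so disabling monitors never fabricates a verdict.
    """
    logit = math.log(prior / (1.0 - prior))
    for stream, fired in alerts.items():
        p_true, p_false = RELIABILITY[stream]
        if fired:
            logit += math.log(p_true / p_false)                   # likelihood ratio of an alert
        else:
            logit += math.log((1.0 - p_true) / (1.0 - p_false))   # likelihood ratio of silence
    return 1.0 / (1.0 + math.exp(-logit))


def active_layers(risk: float) -> list[str]:
    """Adaptive policy (assumed thresholds): cheap network monitoring always
    runs, user-behaviour monitors join at moderate risk, and the costly
    system layer is enabled only once risk is high."""
    if risk < 0.05:
        return LAYER_ORDER[:1]
    if risk < 0.30:
        return LAYER_ORDER[:2]
    return list(LAYER_ORDER)


def monitoring_cost(layers: list[str]) -> float:
    """Resource expense of the currently enabled monitors."""
    return sum(cost for layer, cost in STREAMS.values() if layer in layers)


def run_scenario(observations: list[dict[str, bool]]) -> list[dict]:
    """Drive the IDS through successive observation rounds.

    Each round: pick monitors from the current risk, fuse only the streams
    actually being watched, and carry the posterior forward as the next
    round's prior (clamped so no single round can pin it to 0 or 1).
    """
    risk = RISK_FLOOR
    history = []
    for obs in observations:
        layers = active_layers(risk)
        alerts = {s: obs[s] for s, (layer, _) in STREAMS.items() if layer in layers}
        risk = min(RISK_CEIL, max(RISK_FLOOR, fuse(alerts, risk)))
        history.append({"layers": layers, "cost": monitoring_cost(layers), "risk": risk})
    return history


# Constructed sample input: a quiet round, a network-level probe, the intruder
# then producing suspicious user activity, and finally host-level evidence.
QUIET = {s: False for s in STREAMS}
SCENARIO = [
    dict(QUIET),
    {**QUIET, "network_packets": True},
    {**QUIET, "network_packets": True, "keystrokes": True, "command_sequences": True},
    {s: True for s in STREAMS},
]

if __name__ == "__main__":
    for i, rec in enumerate(run_scenario(SCENARIO), 1):
        print(f"round {i}: layers={rec['layers']} cost={rec['cost']:.1f} risk={rec['risk']:.3f}")
```

In the constructed scenario the system spends one cost unit per round while nothing is happening, escalates to the user layer after a single network alert, and only pays the full ten units once the fused risk has crossed the high threshold, at which point all six inferences agree. The point a practitioner should take from it is the caveat in `fuse`: a disabled monitor must contribute no evidence at all, neither a false "quiet" nor a false alert, otherwise the cost-saving policy silently degrades detection accuracy.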

Original language: English (US)
Pages (from-to): 339-342+346
Journal: Hsi-An Chiao Tung Ta Hsueh/Journal of Xi'an Jiaotong University
Volume: 39
Issue number: 4
State: Published - Apr 1 2005

Keywords

  • Defense-in-depth
  • Information fusion
  • Intrusion detection
  • Network security

ASJC Scopus subject areas

  • Engineering(all)
