A Revised Taxonomy for Intrusion Detection Systems

Intrusion-detection systems aim at detecting attacks against computer systems and networks, or more generally against information systems. Indeed, it is difficult to provide provably secure information systems and to keep them in such a secure state throughout their lifetime and use. Sometimes, legacy or operational constraints do not even allow a fully secure information system to be defined. Intrusion-detection systems therefore have the task of monitoring the usage of such systems in order to detect the appearance of insecure states. They detect attempts at misuse and active misuse, whether by legitimate users of the information systems or by external parties, aimed at abusing privileges or exploiting security vulnerabilities. In a previous paper [Computer Networks 31, 805-822 (1999)], we introduced a taxonomy of intrusion-detection systems that highlights the various aspects of this area. This paper extends the taxonomy beyond real-time intrusion detection to include additional aspects of security monitoring, such as vulnerability assessment.

By: H. Debar, M. Dacier and A. Wespi

Published in: Annales des Telecommunications, volume 55, no. 7-8, pages 361-378, 2000
