The architecture of a network level intrusion detection system Page: 4 of 21
This report is part of the collection entitled: Office of Scientific & Technical Information Technical Reports and was provided to UNT Digital Library by the UNT Libraries Government Documents Department.
Extracted Text
The following text was automatically extracted from the image on this page using optical character recognition software:
The Architecture of a Network Level Intrusion Detection System*
Richard Heady George Luger Arthur Maccabe
Mark Servilla
Department of Computer Science
University of New Mexico
Albuquerque, NM 87131
August 15, 1990
Abstract
This paper presents the preliminary architecture of a network level
intrusion detection system. The proposed system will monitor base level
information in network packets (source, destination, packet size, and time),
learning the 'normal' patterns and announcing anomalies as they occur.
The goal of this research is to determine the applicability of current
intrusion detection technology to the detection of network level intrusions.
In particular, we are investigating the possibility of using this technology
to detect and react to worm programs.
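As an added illustration of the monitoring idea in the abstract (not code from the report or its authors), the following Python sketch learns a per-pair baseline from the four header fields and announces deviations. The size threshold, the hour-of-day test, the chained-new-pair heuristic for node-to-node movement, and all names and sample records are assumptions made for this example.

```python
from collections import defaultdict
from statistics import mean, pstdev

class Baseline:
    """Learns 'normal' traffic per (source, destination) pair from packet headers."""
    def __init__(self, z_limit=3.0):
        self.z_limit = z_limit          # assumed threshold, in standard deviations
        self.sizes = defaultdict(list)  # pair -> packet sizes seen in training
        self.hours = defaultdict(set)   # pair -> hours of day seen in training

    def learn(self, records):
        for t, src, dst, size in records:
            self.sizes[(src, dst)].append(size)
            self.hours[(src, dst)].add(int(t // 3600) % 24)

    def check(self, record):
        # Returns the reasons this record deviates from the baseline (empty if none).
        t, src, dst, size = record
        pair = (src, dst)
        if pair not in self.sizes:
            return ["new source/destination pair"]
        reasons = []
        mu, sigma = mean(self.sizes[pair]), pstdev(self.sizes[pair])
        if abs(size - mu) > self.z_limit * max(sigma, 1.0):
            reasons.append("unusual packet size")
        if int(t // 3600) % 24 not in self.hours[pair]:
            reasons.append("unusual time of day")
        return reasons

def detect(baseline, records):
    return [(r, why) for r in records if (why := baseline.check(r))]

def spread_chains(baseline, records, window=600):
    """Node-to-node movement: a new pair A->B followed within `window` s by a new pair B->C."""
    new = [r for r in records if (r[1], r[2]) not in baseline.sizes]
    return [(a[1], a[2], b[2]) for a in new for b in new
            if a[2] == b[1] and 0 < b[0] - a[0] <= window]

# Constructed sample data: (time in seconds, source, destination, packet size)
TRAINING = [(9 * 3600 + 60 * i, "hostA", "server", 500 + 10 * (i % 5)) for i in range(20)]
LIVE = [
    (9 * 3600 + 1500, "hostA", "server", 520),   # matches the baseline
    (9 * 3600 + 1600, "hostA", "server", 9000),  # packet size outlier
    (3 * 3600, "hostA", "server", 510),          # hour never seen in training
    (10 * 3600, "hostA", "hostB", 1400),         # pair never seen in training
    (10 * 3600 + 120, "hostB", "hostC", 1400),   # new pair chained to the previous one
]

if __name__ == "__main__":
    model = Baseline()
    model.learn(TRAINING)
    print(detect(model, LIVE), spread_chains(model, LIVE))
```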
1 Introduction
Protection of resources is an important aspect of any computing system. Three
aspects of network/distributed systems make these systems more vulnerable to
attack than independent machines: 1) networks typically provide more resources
than independent machines, 2) network systems are typically configured to
facilitate resource sharing, and 3) global protection policies which are applied to
all of the machines in a network are rare.
The research project described in this report is aimed at investigating the
applicability of intrusion detection techniques to detect network level intrusions.
In particular, we are investigating the possibility of developing a system which
can detect and react to worm programs. A "worm" program is characterized by
the fact that the program moves from one node in a network to another. The
*This work was supported in part by the Office of Safeguards and Security of the US Dep.
of Energy through the Nuclear Safeguards Group (N-4) of Los Alamos National Laboratory.
DISTRIBUTION OF THIS DOCUMENT IS UNLIMITED
Heady, R.; Luger, G.; Maccabe, A. & Servilla, M. The architecture of a network level intrusion detection system, report, August 15, 1990; New Mexico. (https://digital.library.unt.edu/ark:/67531/metadc684139/m1/4/: accessed April 23, 2024), University of North Texas Libraries, UNT Digital Library, https://digital.library.unt.edu; crediting UNT Libraries Government Documents Department.