By Topic

IDEA: A New Intrusion Detection Data Source

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Mahoney, W. ; Univ. of Nebraska at Omaha, Omaha ; Sousan, W.

In the context of computer systems, an intrusion is generally considered to be a harmful endeavor to prevent others from legitimate use of that system, to obtain data which is not normally available to the intruder, or to plant data or disrupt data already existent on the machines. Traditionally intrusion detection has relied on two data sources: various log files which record user's activity, and network traffic which contains potential threats. This research presents a system which we call IDEA; the Intrusion DEtection Automata system. We utilize a third source of data for intrusion detection in the form of an instrumented process. Open source software is recompiled using a modified compiler we have created, and the resulting executable program generates the data as it runs. An external monitoring facility then checks the behavior of the program against known good execution paths. These paths are specified either using a domain specific language and hand-written rules, or by running the software in a learning mode and capturing the normal behavior for later comparison.

Published in:

Information Security and Assurance, 2008. ISA 2008. International Conference on

Date of Conference:

24-26 April 2008