Revised taxonomy for intrusion-detection systems

Hervé Debar, Marc Dacier, Andreas Wespi

Research output: Contribution to journal (Article)

138 Citations (Scopus)

Abstract

Intrusion-detection systems aim at detecting attacks against computer systems and networks, or in general against information systems. Indeed, it is difficult to provide provably secure information systems and to maintain them in such a secure state during their lifetime and utilization. Sometimes, legacy or operational constraints do not even allow the definition of a fully secure information system. Therefore, intrusion-detection systems have the task of monitoring the usage of such systems to detect apparition of insecure states. They detect attempts and active misuse, either by legitimate users of the information systems or by external parties, to abuse their privileges or exploit security vulnerabilities. In a previous paper, we introduced a taxonomy of intrusion-detection systems that highlights the various aspects of this area. This paper extends the taxonomy beyond real-time intrusion detection to include additional aspects of security monitoring, such as vulnerability assessment.

Original language: English
Pages (from-to): 361-378
Number of pages: 18
Journal: Annales des Telecommunications/Annals of Telecommunications
Volume: 55
Issue number: 7
Publication status: Published - Jul 2000
Externally published: Yes

Fingerprint

Intrusion detection
Taxonomies
Information systems
Computer systems
Monitoring
Computer networks

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

Revised taxonomy for intrusion-detection systems. / Debar, Hervé; Dacier, Marc; Wespi, Andreas.

In: Annales des Telecommunications/Annals of Telecommunications, Vol. 55, No. 7, 07.2000, p. 361-378.

@article{88531adcb6864301b95f8793bc0caea0,
title = "Revised taxonomy for intrusion-detection systems",
author = "Herv{\'e} Debar and Marc Dacier and Andreas Wespi",
year = "2000",
month = "7",
language = "English",
volume = "55",
pages = "361--378",
journal = "Annales des Telecommunications",
issn = "0003-4347",
publisher = "Springer Paris",
number = "7",
}

TY - JOUR
T1 - Revised taxonomy for intrusion-detection systems
AU - Debar, Hervé
AU - Dacier, Marc
AU - Wespi, Andreas
PY - 2000/7
Y1 - 2000/7
UR - http://www.scopus.com/inward/record.url?scp=0034226287&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=0034226287&partnerID=8YFLogxK
M3 - Article
VL - 55
SP - 361
EP - 378
JO - Annales des Telecommunications
JF - Annales des Telecommunications
SN - 0003-4347
IS - 7
ER -