Towards a taxonomy of intrusion-detection systems

Hervé Debar, Marc Dacier, Andreas Wespi

Research output: Contribution to journal, Article

366 Citations (Scopus)

Abstract

Intrusion-detection systems aim at detecting attacks against computer systems and networks, or against information systems in general, as it is difficult to provide provably secure information systems and maintain them in such a secure state for their entire lifetime and for every utilization. Sometimes, legacy or operational constraints do not even allow a fully secure information system to be realized at all. Therefore, the task of intrusion-detection systems is to monitor the usage of such systems and to detect the apparition of insecure states. They detect attempts and active misuse by legitimate users of the information systems or external parties to abuse their privileges or exploit security vulnerabilities. In this paper, we introduce a taxonomy of intrusion-detection systems that highlights the various aspects of this area. This taxonomy defines families of intrusion-detection systems according to their properties. It is illustrated by numerous examples from past and current projects.

Original language: English
Pages (from-to): 805-822
Number of pages: 18
Journal: Computer Networks
Volume: 31
Issue number: 8
DOI: 10.1016/S1389-1286(98)00017-6
Publication status: Published - 23 Apr 1999
Externally published: Yes

Fingerprint

Intrusion detection
Taxonomies
Information systems
Computer systems
Computer networks

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Cite this

Towards a taxonomy of intrusion-detection systems. / Debar, Hervé; Dacier, Marc; Wespi, Andreas.

In: Computer Networks, Vol. 31, No. 8, 23.04.1999, p. 805-822.

@article{8340730233da447885002dffdb8a0bf0,
title = "Towards a taxonomy of intrusion-detection systems",
author = "Herv{\'e} Debar and Marc Dacier and Andreas Wespi",
year = "1999",
month = "4",
day = "23",
doi = "10.1016/S1389-1286(98)00017-6",
language = "English",
volume = "31",
pages = "805--822",
journal = "Computer Networks",
issn = "1389-1286",
publisher = "Elsevier",
number = "8",

}

TY - JOUR

T1 - Towards a taxonomy of intrusion-detection systems

AU - Debar, Hervé

AU - Dacier, Marc

AU - Wespi, Andreas

PY - 1999/4/23

Y1 - 1999/4/23

UR - http://www.scopus.com/inward/record.url?scp=0033293396&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0033293396&partnerID=8YFLogxK

U2 - 10.1016/S1389-1286(98)00017-6

DO - 10.1016/S1389-1286(98)00017-6

M3 - Article

AN - SCOPUS:0033293396

VL - 31

SP - 805

EP - 822

JO - Computer Networks

JF - Computer Networks

SN - 1389-1286

IS - 8

ER -