The DIDS (Distributed Intrusion Detection System) Prototype

Authors: 

Steven R. Snapp and Stephen E. Smaha, Haystack Laboratories, Inc.; Daniel M. Teal and Tim Grance, United States Air Force Cryptologic Support Center

Abstract: 

Intrusion detection is the problem of identifying unauthorized use, misuse, and abuse of computer systems by both system insiders and external penetrators. The growth in numbers and complexity of heterogeneous computer networks provides additional implications for the intrusion detection problem. In particular, the increased connectivity of computer systems gives greater access to outsiders, and makes it easier for intruders to avoid detection. We are designing and implementing a prototype Distributed Intrusion Detection System (DIDS) that combines distributed monitoring and data reduction (through individual Host and LAN Monitors) with centralized data analysis (through the DIDS Director) in order to monitor a heterogeneous network of computers. This approach is unique among current intrusion detection systems. One of the problems considered in this paper is the Network-user Identification (NID) problem, which is concerned with tracking a user moving across the network, possibly with a new user-id on each computer. Initial system prototypes have provided quite favorable results on both the NID problem and the detection of other attacks on a network. This paper provides an overview of the motivation behind DIDS, the system architecture and capabilities, and a discussion about the implementation of the system prototype.

Links

Paper: 
http://usenix.org/publications/library/proceedings/sa92/snapp.pdf