A network security monitor
- 1 January 1990
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- p. 296-304
- https://doi.org/10.1109/risp.1990.63859
Abstract
This study concentrates on the security-related issues in a single broadcast LAN (local area network) such as Ethernet. The authors formalize various possible network attacks. Their basic strategy is to develop profiles of usage of network resources and then compare current usage patterns with the historical profile to determine possible security violations. Thus, the work is similar to the host-based intrusion-detection systems. Different from such systems, however, is the use of a hierarchical model to refine the focus of the intrusion-detection mechanism. The authors also report on the development of an experimental LAN monitor currently under implementation. Several network attacks have been simulated, and results on how the monitor has been able to detect these attacks are analyzed. Initial results demonstrate that many network attacks are detectable with the authors' monitor, although it can be defeated.
This publication has 13 references indexed in Scilit:
- Network security: the parts of the sum. Published by Institute of Electrical and Electronics Engineers (IEEE), 2003
- Detection of anomalous computer session activity. Published by Institute of Electrical and Electronics Engineers (IEEE), 2003
- Security problems in the TCP/IP protocol suite. ACM SIGCOMM Computer Communication Review, 1989
- Stalking the wily hacker. Communications of the ACM, 1988
- An Intrusion-Detection Model. IEEE Transactions on Software Engineering, 1987
- A survey of issues in computer network security. Computers & Security, 1986
- Security in high-level network protocols. IEEE Communications Magazine, 1985
- The Byzantine Generals Problem. ACM Transactions on Programming Languages and Systems, 1982
- Using encryption for authentication in large networks of computers. Communications of the ACM, 1978
- Ethernet. Communications of the ACM, 1976