Accession Number : ADA447302


Title : Designing and Implementing a Family of Intrusion Detection Systems


Descriptive Note : Conference paper


Corporate Author : CALIFORNIA UNIV SANTA BARBARA DEPT OF COMPUTER SCIENCE


Personal Author(s) : Kemmerer, Richard A


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/a447302.pdf


Report Date : 01 Nov 2004


Pagination or Media Count : 57


Abstract : This talk describes a framework for the development of intrusion detection systems, called STAT, that overcomes many existing limitations. The STAT framework includes a domain-independent attack modeling language and a domain-independent event processing analysis engine. The framework can be extended in a well-defined way to match new domains, new event sources, and new responses. The resulting set of applications is a software family whose members share a number of features, including dynamic reconfigurability and a fine-grained control over a wide range of characteristics. The main advantage of this approach is the limited development effort and the increased reuse that result from using an object-oriented framework and a component-based approach. STAT is both unique and novel. First, STAT is the only known framework-based approach to the development of intrusion detection systems. Second, even though the use of frameworks to develop families of systems is a well-known approach, the STAT framework is novel in the fact that the framework extension process includes, as a by-product, the generation of an attack modeling language closely tailored to the target environment. This talk focuses primarily on the STAT framework.


Descriptors : *PROGRAMMING LANGUAGES, *SOFTWARE TOOLS, *INTRUSION DETECTION(COMPUTERS), ANOMALIES, INFORMATION SECURITY, DATA TRANSMISSION SECURITY, COMPUTER ACCESS CONTROL, SYMPOSIA


Subject Categories : Computer Programming and Software
      Computer Systems Management and Standards


Distribution Statement : APPROVED FOR PUBLIC RELEASE