Intrusion Detection: Generics and State-of-the-Art (La Détection de l'intrusion : Modèles génériques et état de l'art)
NATO RESEARCH AND TECHNOLOGY ORGANIZATION NEUILLY-SUR-SEINE (FRANCE)
This report presents the generics and describes the state of the art of Intrusion Detection Systems (IDSs). The report also aims at highlighting some of the issues for use of co-operative IDSs in a coalition environment. To facilitate the discussions and analysis, generic models are introduced. These include the IDS generic model, in which an IDS consists of sensor, management and alarm-processing components and optionally may have reaction, deception, and visualisation components. To show how IDSs can be deployed and operate at different locations in a Communication and Information System (CIS), a generic model based on the CIS architecture is introduced as well. Finally, these generic models are extended as a way to look at intrusion detection in a coalition environment. The report describes and discusses IDS analyser techniques, examples of commercial products, standardisation efforts, and several issues regarding interoperability, management, performance, availability, and privacy. Furthermore, IDSs are discussed in relation to early warning of an intrusion in a CIS, and the need for evidence collection after an intrusion has occurred. The discussions and analysis show that IDSs are useful in detecting intrusions in a CIS, even though several black spots are identified. It is also shown that IDS deployment and co-operation in coalition environments still need a great deal of research, development and standardisation, together with policy and management considerations.
- Computer Systems Management and Standards