D. S. Bauer, F.R. Eichelman, R.M. Herrera, A.E. Irgon
Title: Intrusion detection: an application of expert systems to computer security
Venue: Proceedings. International Carnahan Conference on Security Technology
Published: 1989-10-03
DOI: https://doi.org/10.1109/CCST.1989.751961
Citation count: 8
Abstract
Audit trails have long been an important component of a comprehensive computer security program. Unfortunately, the collected audit data is often not regularly analyzed and, in many cases, never even reviewed unless computer abuse is suspected. Many computer intrusions could very likely be discovered quickly if computer system audit trails were inspected on a regular basis by experts trained to recognize intrusive behavior. Intrusion Detection is a new research area in computer security focusing on developing the technology to detect intruders on computer systems in near real-time through the use of software systems that automatically analyze computer system audit trails. This paper presents an overview of current intrusion detection research and technology. The Network Intrusion Detection Expert System (NIDX), a software system recently prototyped by Bellcore, is described as an example of an Intrusion Detection System (IDS).