A Historical Perspective

a) Historical Timeline
In the beginning, intrusion detection research was focused mainly on host-based event log analysis. Over the years the field has progressed to where it is today. A brief timeline follows.
1980 - James P. Anderson proposes in a report that audit records can be used to identify computer misuse. He builds a taxonomy of threat classifications (Proctor, 2001, p. 22).
1985 - SRI builds the Intrusion Detection Expert System (IDES), the first to use both statistical and rule-based techniques in one application.
1986 - Dorothy Denning publishes An Intrusion Model (Proctor, 2001, p. 23).
1987 - The first annual Intrusion Detection Workshop is held at SRI (Proctor, 2001, p. 23).
1989 - Network intrusion detection is born (Proctor, 2001, p. 23).
1990 - The US Navy conducts a study of intrusion detection and identifies 29 systems, from which one was to be picked and implemented in a selected Navy enterprise.
1992 - The Computer Misuse Detection System (CMDS) is developed by Screen Application International Corporation (SAIC) (Proctor, 2001, p. 24); it became the first commercially available host-based intrusion detection system targeted at UNIX.
1994 - Wheelgroup is formed with the purpose of commercializing network intrusion detection systems.
1997 - Cisco acquires Wheelgroup.
1998 - Centrax Corporation releases eNTRAX, a widely distributed host-based intrusion detection system designed for Windows NT.
1999 - The Federal Intrusion Detection Network (FIDNet) is created to detect attacks on the network infrastructure of government sites (Proctor, 2001, p. 24).
b) Early Systems and Their Features
By as early as 1990 there were as many as 30 research systems in development. Examples can be found in the 1991 Navy study (US Navy Technical Report SA 1100505-133-100, February 28, 1991).
The features of early systems were measured against criteria focused on three key requirement areas: effectiveness, SSO interface and adaptability.
c) Historical Lessons
First and foremost, early systems had three major flaws in their working. These were:
1. They could not process data from systems other than the original.
2. They were unable to analyze data from target environments other than those they were designed for.
3. They had terrible user interfaces. (Proctor, 2001, p. 30)
For intrusion detection systems to move from the labs to operational environments, these three flaws needed to be addressed properly. Another observation drawn is that intrusion detection systems work better in a decision support context than when used as a cybercop.
CHAPTER 3: Network-Based Intrusion Detection Systems
Most network-based attacks are directed at operating system weaknesses, which can be exploited by various means such as unauthorized access, unauthorized login, use as a jump-off point for other attacks, data or resource theft, packet flooding, password downloads, bandwidth theft, denial of service, malformed packets and distributed denial of service.
Architecture
The basic structure of a network-based detection system consists of sensors deployed throughout a network that report to a central console (Proctor, 2001, p. 35). These sensors are normally self-contained detection engines that capture network packets, search them for patterns of misuse and report what they find to a central command console. There are two types:
1. Traditional sensor-based architecture.
2. Network-node architecture.
Operational Concept
In general, network-based intrusion detection systems perform only as well as they are operated. There are two primary operational modes for network-based intrusion detection systems: tip-off and surveillance.
Benefits of Network-Based Intrusion Detection Systems
There are a number of benefits derived from using these systems, which include:
1. Outsider deterrence
2. Detection
3. Automated response and notification
Challenges Facing Network-Based Technologies
Some of the key challenges facing network-based technologies include:
1. Packet loss on high-speed networks, switched networks and encryption.
2. The development of sniffer detection programs, and sensors themselves being vulnerable targets.
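As an added illustration of the sensor-and-console architecture and of the packet-loss and encryption challenges above, here is a toy signature sensor in Python. It is not code from Proctor's book; the signatures, sensor name, addresses and traffic are constructed for this example.

```python
import re
from dataclasses import dataclass, field

@dataclass
class Packet:
    src: str
    dst: str
    payload: bytes  # what the sensor gets off the wire: plaintext or opaque ciphertext

# Hypothetical misuse signatures, constructed for this example (not Proctor's).
SIGNATURES = {
    "http-dir-traversal": re.compile(rb"\.\./\.\./"),
    "ftp-anonymous-login": re.compile(rb"^USER anonymous\b", re.M),
}

@dataclass
class Console:
    """Central command console: collects the reports every sensor sends in."""
    alerts: list = field(default_factory=list)
    def report(self, sensor_id, signature, pkt):
        self.alerts.append((sensor_id, signature, pkt.src, pkt.dst))

class Sensor:
    """Self-contained detection engine: inspects each packet, reports matches."""
    def __init__(self, sensor_id, console):
        self.sensor_id, self.console = sensor_id, console
    def inspect(self, pkt):
        for name, rx in SIGNATURES.items():
            if rx.search(pkt.payload):
                self.console.report(self.sensor_id, name, pkt)

def run(packets, drop_every=0):
    """Feed packets to one sensor and return the console's alert list.
    drop_every=N drops every Nth packet, as a sensor that cannot keep up does."""
    console = Console()
    sensor = Sensor("dmz-sensor-1", console)
    for i, pkt in enumerate(packets, 1):
        if drop_every and i % drop_every == 0:
            continue  # the sensor never saw this packet
        sensor.inspect(pkt)
    return console.alerts

# Constructed traffic (private addresses, not real hosts).
TRAFFIC = [
    Packet("10.0.0.5", "10.0.0.9", b"GET /index.html HTTP/1.0\r\n"),
    Packet("10.0.0.5", "10.0.0.9", b"GET /../../etc/passwd HTTP/1.0\r\n"),
    Packet("10.0.0.5", "10.0.0.21", b"USER anonymous\r\n"),
]
# The same request once TLS wraps it: the sensor sees only ciphertext (bytes constructed).
ENCRYPTED = [Packet("10.0.0.5", "10.0.0.9", b"\x17\x03\x03\x00\x2a\x9f\x12\xc4\x3b\x77")]
```

`run(TRAFFIC)` raises both alerts, `run(TRAFFIC, drop_every=2)` loses the traversal packet and raises only the FTP alert, and `run(ENCRYPTED)` raises nothing because the pattern is hidden inside the ciphertext.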
References
Proctor, Paul E. The Practical Intrusion Detection Handbook. Prentice Hall (copyright 2001 by Pearson Education, Inc.). Print.
