Abstract

In this paper, we describe a novel Sensor-Based Intrusion Detection Engine – SenIDS, which can process different security-related data types with various intrusion detection methods. With SenIDS, we can integrate the misuse intrusion detection method and the anomaly intrusion detection method into a single structure and algorithm. SenIDS constructs a framework for intrusion detection built around sensors: a sensor is a complex structure that includes a sub-program and fields representing the desired event record source, the user and program activity, variable names and values, etc. This sensor structure gives SenIDS a greater ability to detect and handle a variety of complex intrusion scenarios. An intrusion detection rule consists of one or more sensors, and the alarms in such rules can be triggered by various intrusion instances. The processing of these sensors and rules is managed automatically by a Trigger Engine, which can manage different kinds of sensors and rules for triggering. This enables SenIDS to integrate different intrusion detection methods.
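The sensor, rule and Trigger Engine arrangement described above can be sketched as follows. This is an added illustration, not code from the paper or from SenIDS: the class layout, the two sensor sub-programs, the per-user correlation, the baseline of 3 and the sample events are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Sensor:  # hypothetical layout: a source field, a sub-program, and variables
    name: str
    source: str
    subprogram: Callable[[dict, dict], bool]
    variables: dict = field(default_factory=dict)
    def observe(self, event: dict) -> bool:
        return event.get("source") == self.source and self.subprogram(event, self.variables)

@dataclass
class Rule:  # one or more sensors; alarms once all of them fired for one user
    name: str
    sensors: list

class TriggerEngine:
    def __init__(self, rules):
        self.rules = rules
        self.sensors = {s.name: s for r in rules for s in r.sensors}
        self.fired = {}  # (rule name, user) -> names of sensors seen so far
    def feed(self, event: dict) -> list:
        # Each sensor runs once per event, even when several rules share it.
        hits = {n for n, s in self.sensors.items() if s.observe(event)}
        alarms = []
        for rule in self.rules:
            names = {s.name for s in rule.sensors}
            seen = self.fired.setdefault((rule.name, event.get("user")), set())
            seen |= hits & names
            if seen == names:
                alarms.append((rule.name, event.get("user")))
                seen.clear()
        return alarms

def shadow_read(event, variables):  # misuse-style sensor: a fixed signature
    return event.get("path") == "/etc/shadow" and event.get("program") not in variables["allowed"]
def login_burst(event, variables):  # anomaly-style sensor: failures above a baseline
    if event.get("outcome") != "fail":
        return False
    counts = variables.setdefault("counts", {})
    counts[event["user"]] = counts.get(event["user"], 0) + 1
    return counts[event["user"]] > variables["baseline"]

def run(events):
    shadow = Sensor("shadow_read", "file", shadow_read, {"allowed": {"login", "sshd", "passwd"}})
    burst = Sensor("login_burst", "auth", login_burst, {"baseline": 3})
    engine = TriggerEngine([Rule("shadow_misuse", [shadow]), Rule("compromised_account", [burst, shadow])])
    return [alarm for e in events for alarm in engine.feed(e)]

# Constructed sample events, not taken from the paper.
EVENTS = [{"source": "auth", "user": "bob", "outcome": "fail"}] * 4 + [
    {"source": "file", "user": "bob", "program": "cat", "path": "/etc/shadow"},
    {"source": "file", "user": "root", "program": "passwd", "path": "/etc/shadow"}]
```

Calling `run(EVENTS)` raises both the single-sensor misuse rule and the two-sensor rule that combines the anomaly and misuse sensors for the same user, while the allowed `passwd` access raises nothing.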
