Experience with EMERALD to Date

Authors: Peter G. Neumann, Phillip A. Porras

Abstract: After summarizing the EMERALD architecture and the evolutionary process from which EMERALD has evolved, this paper focuses on our experience to date in designing, implementing, and applying EMERALD to various types of anomalies and misuse. The discussion addresses the fundamental importance of good software engineering practice system - attaining detectability, interoperability, general applicability, and future evolvability. It also considers correlation among distributed and hierarchical instances of EMERALD, and needs for additional detection and analysis components.
