Revised taxonomy for intrusion-detection systems

Hervé Debar, Marc Dacier, Andreas Wespi

Research output: Contribution to journalArticlepeer-review

180 Scopus citations

Abstract

Intrusion-detection systems aim at detecting attacks against computer systems and networks, or in general against information systems. Indeed, it is difficult to provide provably secure information systems and to maintain them in such a secure state during their lifetime and utilization. Sometimes, legacy or operational constraints do not even allow the definition of a fully secure information system. Therefore, intrusion-detection systems have the task of monitoring the usage of such systems to detect apparition of insecure states. They detect attempts and active misuse, either by legitimate users of the information systems or by external parties, to abuse their privileges or exploit security vulnerabilities. In a previous paper, we introduced a taxonomy of intrusion-detection systems that highlights the various aspects of this area. This paper extends the taxonomy beyond real-time intrusion detection to include additional aspects of security monitoring, such as vulnerability assessment.
Original languageEnglish (US)
Pages (from-to)361-378
Number of pages18
JournalAnnales des Telecommunications/Annals of Telecommunications
Volume55
Issue number7
StatePublished - Jul 1 2000
Externally publishedYes

ASJC Scopus subject areas

  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'Revised taxonomy for intrusion-detection systems'. Together they form a unique fingerprint.

Cite this