Data Collection Mechanisms for Intrusion Detection Systems
Author
Eugene Spafford, Diego Zamboni
Tech report number
CERIAS TR 2000-08
Entry type
techreport
Abstract
Drawing from the experience obtained during the development and testing of a distributed intrusion detection system, we reflect on the data collection needs of intrusion detection systems, and on the limitations that are faced when using the data collection mechanisms built into most operating systems. We claim that it is best for an intrusion detection system to be able to collect its data by looking directly at the operations of network packets. Furthermore, for collecting data in an efficient, reliable and complete fashion, incorporation of monitoring mechanisms in the source code of the operating system and its applications is needed.
Key alpha
Spafford
School
Purdue University
Affiliation
CERIAS
Publication Date
1900-01-01
Keywords
data collection, intrusion detection

