At the Information-technology Promotion Agency (IPA), we have been developing a network intrusion detection system called IDA (Intrusion Detection Agent system). The IDA system has two distinctive features that most conventional intrusion detection systems lack. First, it has a mechanism for tracing the origin of a break-in by means of mobile agents. Second, it has a new and efficient method of detecting intrusions: rather than continuously monitoring the user's activities, it watches for an event that meets the criteria of an MLSI (Mark Left by Suspected Intruders) and may relate to an intrusion. By this method, IDA can reduce the processing overhead of systems and networks. At present, IDA can detect local attacks, that is, attacks initiated against a machine to which the attacker already has access, in which he or she attempts to exceed his or her authority. This paper mainly describes how IDA detects local attacks and traces intrusions.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Midori ASAKA, Masahiko TSUCHIYA, Takefumi ONABUTA, Shunji OKAZAWA, Shigeki GOTO, "Local Attack Detection and Intrusion Route Tracing" in IEICE TRANSACTIONS on Communications, vol. E82-B, no. 11, pp. 1826-1833, November 1999.
URL: https://global.ieice.org/en_transactions/communications/10.1587/e82-b_11_1826/_p
@ARTICLE{e82-b_11_1826,
author={Midori ASAKA and Masahiko TSUCHIYA and Takefumi ONABUTA and Shunji OKAZAWA and Shigeki GOTO},
journal={IEICE TRANSACTIONS on Communications},
title={Local Attack Detection and Intrusion Route Tracing},
year={1999},
volume={E82-B},
number={11},
pages={1826-1833},
keywords={},
doi={},
ISSN={},
month={November},}
TY - JOUR
TI - Local Attack Detection and Intrusion Route Tracing
T2 - IEICE TRANSACTIONS on Communications
SP - 1826
EP - 1833
AU - Midori ASAKA
AU - Masahiko TSUCHIYA
AU - Takefumi ONABUTA
AU - Shunji OKAZAWA
AU - Shigeki GOTO
PY - 1999
DO -
JO - IEICE TRANSACTIONS on Communications
SN -
VL - E82-B
IS - 11
JA - IEICE TRANSACTIONS on Communications
Y1 - November 1999
ER -