Local attack detection and intrusion route tracing

Midori Asakat; Masahiko Tsuchiyat; Takcfumi Onabuta; Shunji Okazawatt; Shigeki Goto

Local attack detection and intrusion route tracing

Midori Asakat^*, Masahiko Tsuchiyat, Takcfumi Onabuta, Shunji Okazawatt, Shigeki Goto

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

7 Citations (Scopus)

Abstract

At the Information-technology Promotion Agency (IPA), we have been developing a network intrusion detection system called IDA (Intrusion Detection Agent system). IDA system has two distinctive features that most conventional intrusion detection systems lack. First, it has a mechanism for tracing the origin of a break-in by means of mobile agents. Second, it has a new and efficient method of detecting intrusions: rather than continuously monitoring the user's activities, it watches for an event that meets the criteria of an MLSI (Mark Left by Suspected Intruders) and may relate to an intrusion. By this method, IDA described herein can reduce the processing overhead of systems and networks. At present, IDA can detect local attacks that are initiated against a machine to which the attacker already has access and he or she attempts to exceed his or her authority. This paper mainly describes how IDA detects local attacks and traces intrusions.

Original language	English
Pages (from-to)	1826-1833
Number of pages	8
Journal	IEICE Transactions on Communications
Volume	E82-B
Issue number	11
Publication status	Published - 1999
Externally published	Yes

Keywords

Intrusion detection system
Intrusion route
Local attack
MLSI
Mobile agents

ASJC Scopus subject areas

Electrical and Electronic Engineering
Computer Networks and Communications

Cite this

@article{c9e6d94b8ef14750b26605d33290a3b4,

title = "Local attack detection and intrusion route tracing",

abstract = "At the Information-technology Promotion Agency (IPA), we have been developing a network intrusion detection system called IDA (Intrusion Detection Agent system). IDA system has two distinctive features that most conventional intrusion detection systems lack. First, it has a mechanism for tracing the origin of a break-in by means of mobile agents. Second, it has a new and efficient method of detecting intrusions: rather than continuously monitoring the user's activities, it watches for an event that meets the criteria of an MLSI (Mark Left by Suspected Intruders) and may relate to an intrusion. By this method, IDA described herein can reduce the processing overhead of systems and networks. At present, IDA can detect local attacks that are initiated against a machine to which the attacker already has access and he or she attempts to exceed his or her authority. This paper mainly describes how IDA detects local attacks and traces intrusions.",

keywords = "Intrusion detection system, Intrusion route, Local attack, MLSI, Mobile agents",

author = "Midori Asakat and Masahiko Tsuchiyat and Takcfumi Onabuta and Shunji Okazawatt and Shigeki Goto",

year = "1999",

language = "English",

volume = "E82-B",

pages = "1826--1833",

journal = "IEICE Transactions on Communications",

issn = "0916-8516",

publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",

number = "11",

}

TY - JOUR

T1 - Local attack detection and intrusion route tracing

AU - Asakat, Midori

AU - Tsuchiyat, Masahiko

AU - Onabuta, Takcfumi

AU - Okazawatt, Shunji

AU - Goto, Shigeki

PY - 1999

Y1 - 1999

N2 - At the Information-technology Promotion Agency (IPA), we have been developing a network intrusion detection system called IDA (Intrusion Detection Agent system). IDA system has two distinctive features that most conventional intrusion detection systems lack. First, it has a mechanism for tracing the origin of a break-in by means of mobile agents. Second, it has a new and efficient method of detecting intrusions: rather than continuously monitoring the user's activities, it watches for an event that meets the criteria of an MLSI (Mark Left by Suspected Intruders) and may relate to an intrusion. By this method, IDA described herein can reduce the processing overhead of systems and networks. At present, IDA can detect local attacks that are initiated against a machine to which the attacker already has access and he or she attempts to exceed his or her authority. This paper mainly describes how IDA detects local attacks and traces intrusions.

AB - At the Information-technology Promotion Agency (IPA), we have been developing a network intrusion detection system called IDA (Intrusion Detection Agent system). IDA system has two distinctive features that most conventional intrusion detection systems lack. First, it has a mechanism for tracing the origin of a break-in by means of mobile agents. Second, it has a new and efficient method of detecting intrusions: rather than continuously monitoring the user's activities, it watches for an event that meets the criteria of an MLSI (Mark Left by Suspected Intruders) and may relate to an intrusion. By this method, IDA described herein can reduce the processing overhead of systems and networks. At present, IDA can detect local attacks that are initiated against a machine to which the attacker already has access and he or she attempts to exceed his or her authority. This paper mainly describes how IDA detects local attacks and traces intrusions.

KW - Intrusion detection system

KW - Intrusion route

KW - Local attack

KW - MLSI

KW - Mobile agents

UR - http://www.scopus.com/inward/record.url?scp=0001748596&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0001748596&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:0001748596

SN - 0916-8516

VL - E82-B

SP - 1826

EP - 1833

JO - IEICE Transactions on Communications

JF - IEICE Transactions on Communications

IS - 11

ER -

Local attack detection and intrusion route tracing

Abstract

Keywords

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this