As magnetic media have replaced paper, the problem of controlling data has changed in character, if not in principle [1]. Computers have long been able to collect all the data needed for control, but the volumes involved have overwhelmed those responsible for exercising and assessing control [2]. Finally, a significant step has been taken to determine how data might be audited to give people a useful picture of what threatens it.
The Intrusion Detection System (IDES) is a knowledge-based set of programs designed to detect apparent changes in a user’s behavior that are malicious, or to detect someone who is masquerading as the user. IDES may also detect penetration attempts, subversion by Trojan horses or viruses, or resource-monopolization (called “denial of service”) attacks.
IDES models users’ behavior patterns in terms of login frequency; location frequency; login intervals; session duration, output, and resource usage; and login failures. Deviations from established norms are treated as indicators of potential attack.
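The profile-and-deviation idea in the paragraph above can be sketched as follows. This is an added example, not code from the paper or from IDES: the audit-record layout, the sample records, and the mean/standard-deviation threshold are all assumptions chosen for illustration.

```python
from collections import Counter
from statistics import mean, pstdev

# Constructed audit history for one user: (location, session_minutes, failed_logins)
HISTORY = [
    ("tty01", 42, 0), ("tty01", 38, 1), ("tty01", 45, 0), ("tty01", 40, 0),
    ("tty01", 41, 0), ("tty02", 39, 1), ("tty01", 44, 0), ("tty01", 43, 0),
]

# Numeric measures tracked per session, with their position in a record.
MEASURES = {"session_minutes": 1, "failed_logins": 2}


class Profile:
    """Per-user norm: location frequencies plus mean/std-dev of each measure."""

    def __init__(self, records):
        self.total = len(records)
        self.locations = Counter(r[0] for r in records)
        self.stats = {
            name: (mean(r[i] for r in records), pstdev(r[i] for r in records))
            for name, i in MEASURES.items()
        }

    def anomalies(self, record, k=3.0, min_loc_freq=0.05, sigma_floor=1.0):
        """Return the names of measures on which `record` departs from the norm."""
        found = []
        # Location frequency: a terminal rarely or never seen for this user.
        if self.locations[record[0]] / self.total < min_loc_freq:
            found.append("location")
        # Numeric measures: more than k standard deviations from the mean.
        # The floor stops a near-constant history from flagging tiny changes.
        for name, i in MEASURES.items():
            mu, sigma = self.stats[name]
            if abs(record[i] - mu) > k * max(sigma, sigma_floor):
                found.append(name)
        return found


if __name__ == "__main__":
    profile = Profile(HISTORY)
    for rec in [("tty01", 40, 0), ("remote-9", 300, 6)]:  # constructed sessions
        print(rec, "->", profile.anomalies(rec) or "within norm")
```

A flagged record is only an indicator for an auditor to review; the thresholds `k`, `min_loc_freq` and `sigma_floor` trade missed masquerades against false alarms and would need tuning per site.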
As the paper makes clear, much work in the field remains. Yet the start is very promising and is one that the author presents with the exemplary clarity, logic, and comprehensiveness that mark all of her works. Computer scientists and auditors alike will find much of value.
The reviewer detected no difference between the paper under review and [3], so readers of either are advised not to seek the other.