Computing Reviews
An intrusion-detection model
Denning D. IEEE Transactions on Software Engineering SE-13(2): 222-232, 1987. Type: Article
Date Reviewed: Oct 1 1987

As magnetic media has replaced paper, the problem of controlling data has changed in character, if not in principle [1]. Computers have long been able to collect all the data needed for control, but the volumes involved have overwhelmed those responsible for exercising and assessing control [2]. Finally, a significant step has been taken to determine how data might be audited to give people a useful picture of what threatens it.

The Intrusion Detection System (IDES) is a knowledge-based set of programs that are designed to detect those apparent changes in a user’s behavior that are malicious or to detect someone who is masquerading as the user. IDES may also detect penetration attempts, subversion by Trojan horses or viruses, or resource-monopolization (called “denial of service”) attacks.

IDES models users’ behavior patterns in terms of login frequency; location frequency; login intervals; session duration, output, and resource usage; and login failures. Deviations from established norms are treated as indicators of potential attack.

As the paper makes clear, much work in the field remains. Yet the start is very promising and is one that the author presents with the exemplary clarity, logic, and comprehensiveness that mark all of her works. Computer scientists and auditors alike will find much of value.

The reviewer detected no difference between the paper under review and [3], so readers of either are advised not to seek the other.

Reviewer:  S. A. Kurzban Review #: CR111788
1) Andersen, R. E. EDP auditing in the 1980’s or the vanishing paper trail, ACM SIGSAC Rev. 1, 1 (1981–1982), 6–15.
2) Kurzban, S. A. The future of secure electronic data processing, in Selected papers and presentations from the US Army third automation security workshop (Williamsburg, VA, Dec. 7–10, 1980), 249–253.
3) Denning, D. E. An intrusion detection model, in Proc. of the 1986 IEEE symposium on security and privacy (Oakland, CA, April 7–9, 1986), IEEE, New York, 1986, 118–131.
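
An added illustration of the profile-and-deviation idea summarized in the review (not code from the review or from Denning's paper): per-user profiles over location frequency, session duration and login failures, with new sessions compared against the established norm. The mean and standard deviation test, the thresholds, the function names and the audit records are assumptions constructed for this example.

```python
import statistics
from collections import Counter, defaultdict

# Constructed audit records: (user, location, session_minutes, login_failures)
HISTORY = [
    ("alice", "office", 40, 0), ("alice", "office", 45, 1),
    ("alice", "office", 38, 0), ("alice", "home", 50, 0),
    ("alice", "office", 42, 0), ("alice", "office", 47, 1),
    ("alice", "office", 41, 0), ("alice", "office", 44, 0),
]

def build_profiles(records):
    """Collect per-user location counts and samples of each numeric measure."""
    profiles = defaultdict(
        lambda: {"locations": Counter(), "session": [], "failures": []})
    for user, location, minutes, failures in records:
        profile = profiles[user]
        profile["locations"][location] += 1
        profile["session"].append(minutes)
        profile["failures"].append(failures)
    return dict(profiles)

def check(profiles, record, z_limit=3.0, min_location_freq=0.05):
    """Return the measures on which one new session deviates from the norm."""
    user, location, minutes, failures = record
    profile = profiles.get(user)
    if profile is None:
        return ["no-profile"]  # no established norm to compare against
    flagged = []
    seen = sum(profile["locations"].values())
    if profile["locations"][location] / seen < min_location_freq:
        flagged.append("location")
    for name, value in (("session", minutes), ("failures", failures)):
        samples = profile[name]
        mean = statistics.mean(samples)
        # Floor the spread so a perfectly constant history cannot divide by zero.
        spread = max(statistics.pstdev(samples), 1e-6)
        if abs(value - mean) / spread > z_limit:
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    profiles = build_profiles(HISTORY)
    for session in [("alice", "office", 43, 0), ("alice", "dialup", 240, 6)]:
        print(session, "->", check(profiles, session) or "within profile")
```

A user with no history is reported as `no-profile` rather than scored, since there is no norm to deviate from.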