A revised taxonomy for intrusion-detection systems

Bibliographic Details
Published in: Annales des télécommunications Vol. 55; no. 7-8; pp. 361-378
Main Authors: DEBAR, H, DACIER, M, WESPI, A
Format: Journal Article
Language: English
Published: Heidelberg Springer 01.07.2000
Springer Nature B.V
Summary: Intrusion-detection systems aim at detecting attacks against computer systems and networks, or in general against information systems. Indeed, it is difficult to provide provably secure information systems and to maintain them in such a secure state during their lifetime and utilization. Sometimes, legacy or operational constraints do not even allow the definition of a fully secure information system. Therefore, intrusion-detection systems have the task of monitoring the usage of such systems to detect apparition of insecure states. They detect attempts and active misuse, either by legitimate users of the information systems or by external parties, to abuse their privileges or exploit security vulnerabilities. In a previous paper [Computer networks 31, 805–822 (1999)], we introduced a taxonomy of intrusion-detection systems that highlights the various aspects of this area. This paper extends the taxonomy beyond real-time intrusion detection to include additional aspects of security monitoring, such as vulnerability assessment.
ISSN: 0003-4347, 1958-9395
DOI: 10.1007/BF02994844