Designing and Implementing a Family of Intrusion Detection Systems
Abstract
This talk describes a framework for the development of intrusion detection systems, called STAT, that overcomes many existing limitations. The STAT framework includes a domain-independent attack modeling language and a domain-independent event processing analysis engine. The framework can be extended in a well-defined way to match new domains, new event sources, and new responses. The resulting set of applications is a software family whose members share a number of features, including dynamic reconfigurability and fine-grained control over a wide range of characteristics. The main advantage of this approach is the limited development effort and the increased reuse that result from using an object-oriented framework and a component-based approach. STAT is both unique and novel. First, STAT is the only known framework-based approach to the development of intrusion detection systems. Second, even though the use of frameworks to develop families of systems is a well-known approach, the STAT framework is novel in that the framework extension process produces, as a by-product, an attack modeling language closely tailored to the target environment. This talk focuses primarily on the STAT framework.
Document Details
- Document Type: Technical Report
- Publication Date: Nov 01, 2004
- Accession Number: ADA447302
Entities
- People: Richard A. Kemmerer
- Organizations: University of California, Santa Barbara