Intrusion Detection for Air Force Networks: Operational, Performance, and Implementation Goals

Abstract

The Command and Control (C2) Protect Mission-Oriented Investigation & Experimentation (MOIE) Project, sponsored by the Air Force, aims to develop and promulgate resources to counter information warfare (IW) threats to military C2 computer networks. One component of the threat dimension is exploitative intrusion activity. The rewards of a successful IW attack on U.S. C2 systems invite attempts at exploitation. At the same time, the number of foreign countries with IW capabilities is increasing rapidly. Since military systems are typically connected to and dependent on public switched networks, they are accessible to an attacker's attempts at exploitation. One technological countermeasure is intrusion detection capability. Once an intrusion is detected, a variety of actions can be taken to thwart an attacker's intentions. In the recent past, intrusion detection capabilities have been developed by both governmental and commercial interests. These nascent capabilities will surely grow and evolve rapidly over the next several years to become far more capable and easier to use than they are today. One can reasonably expect commercial interests to have a leading role in extending this technology. At the same time, it seems prudent to examine intrusion detection technology from the point of view of U.S. military systems to ensure that the goals for those systems will be met. Will developing intrusion detection capabilities meet the operational, performance, and implementation goals of the U.S. Air Force? To help ensure that they will, the MITRE C2 Protect MOIE project is making Air Force goals for intrusion detection available to commercial interests that may develop capabilities. This paper, a first cut at defining goals, capitalizes on customer and corporate experience with intrusion detection tools as well as knowledge of the problem domain. It creates an information base about intrusion detection, providing a framework for discussing, refining, and enhancing intrusion detection goals.

Document Details

  • Document Type: Technical Report
  • Publication Date: Oct 01, 1997
  • Accession Number: ADA459590

Entities

People

  • Leonard J. Lapadula

Organizations

  • MITRE Corporation

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Air Force
  • Change Detection
  • Command And Control
  • Computer Networks
  • Control Systems
  • Cybersecurity
  • Detection
  • Detectors
  • Information Operations
  • Information Warfare
  • Intrusion
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Local Area Networks
  • Network Protocols
  • Operating Systems

Readers

  • Irregular Warfare and Special Operations Cyberspace Operations against Adversarial Threats.
  • Sensor Fusion and Tracking Systems.
  • Software Engineering.

Technology Areas

  • Fully Networked C3
  • Fully Networked C3 - Command and Control