
Proceedings Paper

Detection of intrusion across multiple sensors
Author(s): William J. Long; Jon Doyle; Glenn Burke; Peter Szolovits

Paper Abstract

We have been developing an architecture for reasoning with multiple sensors distributed across a computer network, linking them with analysis modules and reasoning with the results to combine evidence of possible intrusion for display to the user. The architecture, called MAITA, consists of monitors distributed across machines and linked together under the control of the user, supported by a monitor of monitors that manages the interaction among them. This architecture enables the system to reason about evidence from multiple sensors. For example, one monitor can track FTP logs to detect password scans followed by successful uploads of data from foreign sites, while another monitors disk use and detects significant trends. Monitors can then combine this evidence in the sequence in which the events occur and present it to the user as evidence that someone has successfully gained write access to the FTP site and is occupying significant disk space. This paper discusses the architecture that enables the creation, linking, and support of the monitors. Because monitors may run on the same or different machines, appropriate communication links must be supported, as well as regular status checks to ensure that monitors are still running. We also discuss the construction of monitors for sensing data, abstracting and characterizing it, synchronizing data from different sources, detecting patterns, and displaying the results.
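The following is an added illustration of the evidence-combination pattern the abstract describes; it is not code from the paper or the MAITA system. It assumes a hypothetical FTP log format (`<ISO time> <host> <event> <detail>`), uses constructed log lines and disk-use samples, and wires together a log sensor, a scan-then-upload monitor, a disk-growth monitor, a combiner that respects event order, and a minimal monitor-of-monitors liveness check.

```python
"""Toy MAITA-style evidence combination (added example, not the paper's code)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional
import re

# Constructed FTP log lines in a hypothetical "<ISO time> <host> <event> <detail>" format.
FTP_LOG = """\
2003-06-01T10:00:01 203.0.113.7 LOGIN_FAIL user=admin
2003-06-01T10:00:03 203.0.113.7 LOGIN_FAIL user=root
2003-06-01T10:00:05 203.0.113.7 LOGIN_FAIL user=ftp
2003-06-01T10:00:07 203.0.113.7 LOGIN_FAIL user=test
2003-06-01T10:00:09 203.0.113.7 LOGIN_OK user=upload
2003-06-01T10:05:00 203.0.113.7 STOR /pub/incoming/pkg.bin
2003-06-01T10:06:00 192.0.2.10 LOGIN_OK user=alice
2003-06-01T10:07:00 192.0.2.10 STOR /pub/alice/notes.txt
"""

# Constructed disk-use samples for the FTP volume: (sample time, megabytes used).
DISK_SAMPLES = [
    (datetime(2003, 6, 1, 10, 0), 5000),
    (datetime(2003, 6, 1, 10, 10), 5100),
    (datetime(2003, 6, 1, 10, 20), 7500),
    (datetime(2003, 6, 1, 10, 30), 9800),
]


@dataclass(frozen=True)
class Evidence:
    kind: str
    when: datetime
    host: Optional[str]
    detail: str


LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (.*)$")


def parse_ftp_log(text):
    """Sensor: turn raw log lines into (time, host, event, detail) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, host, event, detail = m.groups()
            events.append((datetime.fromisoformat(ts), host, event, detail))
    return events


def ftp_scan_then_upload(events, fail_threshold=3, window=timedelta(minutes=10)):
    """Monitor 1: a host with >= fail_threshold failed logins inside `window`
    that later uploads a file (STOR) yields a scan-then-upload evidence item."""
    fails = defaultdict(list)
    scanned = {}  # host -> time the failure threshold was crossed
    found = []
    for when, host, event, detail in events:
        if event == "LOGIN_FAIL":
            fails[host] = [t for t in fails[host] if when - t <= window] + [when]
            if len(fails[host]) >= fail_threshold and host not in scanned:
                scanned[host] = when
        elif event == "STOR" and host in scanned:
            found.append(Evidence("ftp_scan_then_upload", when, host, detail))
    return found


def disk_growth_trend(samples, mb_per_hour=1000):
    """Monitor 2: report the first interval whose growth rate reaches mb_per_hour."""
    for (t0, mb0), (t1, mb1) in zip(samples, samples[1:]):
        hours = (t1 - t0).total_seconds() / 3600
        rate = (mb1 - mb0) / hours
        if rate >= mb_per_hour:
            return Evidence("disk_growth", t1, None, f"{rate:.0f} MB/h")
    return None


def combine(ftp_evidence, disk_evidence):
    """Combiner: only a scan-then-upload that precedes the disk growth is reported."""
    if disk_evidence is None:
        return []
    return [
        f"{e.host} gained write access at {e.when.isoformat()} ({e.detail}); "
        f"disk grew {disk_evidence.detail} by {disk_evidence.when.isoformat()}"
        for e in ftp_evidence if e.when <= disk_evidence.when
    ]


def monitors_alive(last_heartbeat, now, timeout=timedelta(minutes=2)):
    """Monitor of monitors: names of monitors whose last heartbeat is stale."""
    return sorted(n for n, t in last_heartbeat.items() if now - t > timeout)


def run():
    """Run the sensor, both monitors and the combiner over the constructed data."""
    events = parse_ftp_log(FTP_LOG)
    return combine(ftp_scan_then_upload(events), disk_growth_trend(DISK_SAMPLES))


if __name__ == "__main__":
    for line in run():
        print(line)
```

The combiner deliberately ignores the second host, which uploaded a file without a preceding burst of failed logins, and it drops FTP evidence that arrives after the disk-growth signal; ordering is the whole point of the abstract's "in the sequence in which the events occur". The thresholds and the heartbeat timeout are assumptions chosen for the constructed data.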

Paper Details

Date Published: 8 August 2003
PDF: 9 pages
Proc. SPIE 5107, System Diagnosis and Prognosis: Security and Condition Monitoring Issues III, (8 August 2003); doi: 10.1117/12.488478
William J. Long, Massachusetts Institute of Technology (United States)
Jon Doyle, North Carolina State Univ. (United States)
Glenn Burke, Massachusetts Institute of Technology (United States)
Peter Szolovits, Massachusetts Institute of Technology (United States)

Published in SPIE Proceedings Vol. 5107:
System Diagnosis and Prognosis: Security and Condition Monitoring Issues III
Peter K. Willett; Thiagalingam Kirubarajan, Editor(s)
