    The Design of GrIDS: A Graph-Based Intrusion Detection System

    This report documents the design of the Graph-based Intrusion Detection System (GrIDS) in reasonable detail. It is intended as a guide for people who wish to understand the implementation, or who have more detailed questions about the design than are addressed elsewhere. GrIDS is a prototype intrusion detection system that was designed to explore the issues involved in large-scale aggregation of traffic patterns. It features a hierarchical decomposition of the protected organization and its networks. GrIDS assembles reports of incidents and network traffic into graphs, and is able to aggregate those graphs into simpler forms at higher levels of the hierarchy. The prototype was implemented in Perl, by the authors, mainly during 1996. The prototype is usable, and has been run extensively on our network, but does not have the security and fault-tolerance features that would be needed for production use.