The Design of GrIDS: A Graph-Based Intrusion Detection System
This report documents the design of the Graph-based Intrusion Detection System (GrIDS) in reasonable detail. It is intended as a guide for people who wish to understand the implementation, or who have more detailed questions about the design than are addressed elsewhere. GrIDS is a prototype intrusion detection system that was designed to explore the issues involved in doing large-scale aggregation of traffic patterns. It features a hierarchical decomposition of the protected organization and its networks. GrIDS puts together reports of incidents and network traffic into graphs, and is able to aggregate those graphs into simpler forms at higher levels of the hierarchy. The prototype was implemented in Perl, by the authors, mainly during 1996. The prototype is usable, and has been run extensively on our network, but does not have the security and fault-tolerance features that would be needed for production use.