Experience with EMERALD to Date
by Dr. Peter Neumann & Phillip Porras.
From First USENIX Workshop on Intrusion Detection and Network Monitoring. Santa Clara, California. April, 1999. Pages 73-80.
After summarizing the EMERALD architecture and the evolutionary process from which
EMERALD has evolved, this paper focuses on our experience to date in designing,
implementing, and applying EMERALD to various types of anomalies and misuse. The
discussion addresses the fundamental importance of good software engineering practice and
the importance of the system architecture -- in attaining detectability, interoperability, general
applicability, and future evolvability. It also considers the importance of correlation among
distributed and hierarchical instances of EMERALD, and needs for additional detection and
analysis components.
BibTEX Entry
AUTHOR = {Peter {G.} Neumann and Phillip {A.} Porras},
TITLE = {Experience with {EMERALD} to Date},
BOOKTITLE = {First {USENIX} Workshop on Intrusion Detection and Network Monitoring},
YEAR = {1999},
PAGES = {73-80},
ADDRESS = {Santa Clara, California},
MONTH = {apr},
URL = {http://www.csl.sri.com/papers/det99/}