SRI International’s real-time intrusion-detection expert system (IDES) contains a statistical subsystem that observes behavior on a monitored computer system and adaptively learns what is normal for individual users and groups of users. The statistical subsystem also monitors observed behavior and identifies behavior as a potential intrusion (or misuse by authorized users) if it deviates significantly from expected behavior. The multivariate methods used to profile normal behavior and identify deviations from expected behavior are explained in detail. The statistical test for abnormality contains a number of parameters that must be initialized, and the substantive issues relating to setting those parameter values are discussed.

Overview

The SRI IDES system is a real-time intrusion detection expert system that observes behavior on a monitored computer system and adaptively learns what is normal for individual users, groups, remote hosts and the overall system [1]. Observed b...
H. S. Javitz, A. Valdes