Software Engineering Institute Carnegie Mellon

State of the Practice of Intrusion Detection Technologies

Authors
Julia Allen
Alan Christie
William Fithen
John McHugh
Jed Pickel
Ed Stoner

Contributors
James Ellis
Eric Hayes
Jerome Marella
Bradford Willke

Technical Report
CMU/SEI-99-TR-028

Attacks on the nation's computer infrastructures are a serious problem. Over the past 12 years, the growing number of computer security incidents on the Internet has reflected the growth of the Internet itself. Because most deployed computer systems are vulnerable to attack, intrusion detection (ID) is a rapidly developing field. Intrusion detection is an important technology business sector as well as an active area of research. Vendors make many claims for their products in the commercial marketplace, so separating hype from reality can be a major challenge. A goal of this report is to provide an unbiased assessment of publicly available ID technology. We hope this will help those who purchase and use ID technology to gain a realistic understanding of its capabilities and limitations. The report raises issues that we believe are important for ID system (IDS) developers to address as they formulate product strategies. The report also points out relevant issues for the research community as they formulate research directions and allocate funds.