State of the Practice of Intrusion Detection Technologies
REPORT DOCUMENTATION PAGE
Form Approved OMB No. 0704-0188

Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-4302, and to the Office of Management and Budget, Paperwork Reduction Project (0704-0188), Washington, DC 20503.

1. Agency use only (leave blank)
2. Report date: January 2000
3. Report type and dates covered: Final
4. Title and subtitle: State of the Practice of Intrusion Detection Technologies
5. Funding numbers: C — F19628-95-C-0003
6. Author(s): Julia Allen, Alan Christie, William Fithen, John McHugh, Jed Pickel, Ed Stoner
7. Performing organization name(s) and address(es): Software Engineering Institute
8. Performing organization: CMU/SEI-99-TR-028
9. Sponsoring/monitoring agency name(s) and address(es): HQ ESC/XPK
10. Sponsoring/monitoring: ESC-TR-99-028
11. Supplementary notes
12.a Distribution/availability statement: Unclassified/Unlimited, DTIC, NTIS
12.b Distribution code
13. Abstract (maximum 200 words): Attacks on the nation's computer infrastructures are a serious problem. Over the past 12 years, the growing number of computer security incidents on the Internet has reflected the growth of the Internet itself. Because most deployed computer systems are vulnerable to attack, intrusion detection (ID) is a rapidly developing field. Intrusion detection is an important technology business sector as well as an active area of research. Vendors make many claims for their products in the commercial marketplace, so separating hype from reality can be a major challenge. A goal of this report is to provide an unbiased assessment of publicly available ID technology. We hope this will help those who purchase and use ID technology to gain a realistic understanding of its capabilities and limitations. The report raises issues that we believe are important for ID system (IDS) developers to address as they formulate product strategies. The report also points out relevant issues for the research community as they formulate research directions and allocate funds.
14. Subject terms: intrusion detection, intrusion detection systems, intrusion detection technologies, IDS, computer security, information security, network security
15. Number of pages
16. Price code
17. Security classification: UNCLASSIFIED
18. Security classification: UNCLASSIFIED
19. Security classification: UNCLASSIFIED
20. Limitation of abstract: UL

NSN 7540-01-280-5500
Standard Form 298 (Rev. 2-89) Prescribed by ANSI Std. Z39-18 298-102