About the works in the area of intrusion detection systems in computer networks
Material posted: -Publication date: 26-11-2001

In January 2000, the Institute of programming University. Carnegie Mellon (public research Institute, funded by the U.S. Department of defense) in the framework of the program of sustainable information networks prepared a report on the current status of work in the area of intrusion detection systems in computer networks.

This work was funded by the air force USA (Air Force Research Laboratory and Air Force Computer Resources Support Improvement Program). In preparing the material participated the employees of AT&T, Air Force Information Warfare Center, Xerox, Internet Security Systems, Lincoln Laboratory, MITRE.

This report is one of the most comprehensive studies on the current state of intrusion detection systems. Contains a large bibliography and the credentials of a number of research projects on creation of systems of this class.

The main conclusion of the conducted research is that the intrusion detection system in computer networks today are one of the most important elements in building information security system.

According to the report, and a number of other materials currently in the USA is a whole industry of software creation to produce products in two versions: commercial products supplied to the market (Commercial Off-the-Shelf, COTS) and products supplied to the Federal authorities (Government Off-the-Shelf, GOTS). This step is due primarily to the increased vulnerability of commercial systems to information attacks.

For the implementation of this program in the Federal ministries under the leadership of the NSA developed the requirements to the information technologies and software tools. Such requirements are much higher requirements to commercial systems. So it is noted that intrusion detection systems categories GOTS, must be implemented in a number of properties that are not available in commercial products. Among them:

  • integration with the systems of interception of electronic information type is Carnivore;
  • more sophisticated algorithms for the detection of intrusion, adapted to the tracking of well-coordinated attacks outbound, primarily from the intelligence services of foreign States;
  • satisfaction strict standards of information security.

The products of class GOTS is not available for purchase by third parties and supplied for a specific order in the Federal organization that excludes the study of the system architecture of a possible enemy. Unlike commercial systems, the intrusion detection system class GOTS, as a rule, do not use automatic analysis of suspicious events, and to attract highly qualified experts in the field of computer security.

It is noted that for many of this class of systems COTS, in the future, there will be a number of the latest achievements in this field that allow U.S. intelligence agencies to infiltrate information systems supported by these systems.

In the absence of domestic production of software for government agencies, there is a situation dangerous to informational security of Russia when state institutions are established no software is able to provide the required level of security, even after special research.

Tags: USA , threat