Brian J. d'Auriol, NetVIM: A Network Vertical Intrusion Detection Model, Invited Talk, Feb. 25, 2004, El Paso del Norte Software Association Meeting, El Paso, TX, USA.

Today's computing infrastructure is becoming more and more network-based. The Internet itself continues to grow rapidly. At the same time, many key information and business resources have been migrated to the Internet, thereby exposing sensitive information and operational corporate content. Two disadvantages of network-based computing are: (a) networks become vehicles for attacks and (b) external communication networks, like the Internet, are unsecured and information can be sniffed. The financial and economic impacts of these disadvantages are severe. There was an upward trend in the 1990s in the number of Internet-connected sites reporting unauthorized use. At the same time, studies have indicated that one third to two thirds of incidents go undetected. Dollar losses are reported as roughly 200 million in 2003 and 450 million the year previously. Even though it is difficult to estimate the impact of network-based attacks, these facts and trends are cause for concern: (a) the frequency and severe impact of network-based computer attacks, (b) a generally increasing trend of such attacks, and (c) a significant percentage of such attacks going undetected.

This talk outlines the Network Vertical Intrusion Model (NetVIM) for intrusion detection. Intrusion detection systems monitor network and computer resources and may analyze that information for signs of intrusion. NetVIM is a four-layer model suitable for deployment in intrusion detection systems and is proposed to address the issues of network-based attacks.

