Brian J. d'Auriol, NetVIM: A Network Vertical Intrusion Detection Model, Invited Talk, Feb. 25, 2004, El Paso del Norte Software Association Meeting, El Paso, TX, USA.

Today's computing infrastructure is becoming more and
more network based. The Internet itself continues to
grow rapidly. At the same time, many key information
and business resources have been migrated to the Internet
thereby exposing sensitive information and operational
corporate content. Two disadvantages of network based
computing are: (a) networks become vehicles for attacks
and (b) external communication networks, like the Internet,
are unsecured and information can be sniffed. The financial
and economic impacts of these disadvantages are severe.

There was an upward trend in the 1990s in the number
of Internet connected sites reporting unauthorized use.
At the same time, studies have indicated that one third
to two thirds of incidents are undetected. Dollar losses
are reported as roughly 200 million in 2003 and 450 million
the previous year. Even though it is difficult to estimate
the impact of network based attacks, these facts and trends
are cause for concern: (a) the high frequency and severe impact
of network based computer attacks, (b) a general increasing
trend of such attacks, and (c) a significant percentage of
such attacks going undetected.

This talk outlines the Network Vertical Intrusion Model
(NetVIM) for intrusion detection. Intrusion detection
systems monitor network and computer resources and may
analyze such information for signs of intrusion. NetVIM
is a four-layer model that is suitable for deployment in
intrusion detection systems. NetVIM is proposed to address
the issues of network based attacks.