Towards a taxonomy of intrusion-detection systems

Citation
H. Debar et al., Towards a taxonomy of intrusion-detection systems, COMPUT NET, 31(8), 1999, pp. 805-822
Citations number
64
Subject Categories
Information Technology & Communication Systems
Journal title
COMPUTER NETWORKS-THE INTERNATIONAL JOURNAL OF COMPUTER AND TELECOMMUNICATIONS NETWORKING
ISSN journal
13891286
Volume
31
Issue
8
Year of publication
1999
Pages
805 - 822
Database
ISI
SICI code
1389-1286(19990423)31:8<805:TATOIS>2.0.ZU;2-C
Abstract
Intrusion-detection systems aim at detecting attacks against computer systems and networks, or against information systems in general, as it is difficult to provide provably secure information systems and maintain them in such a secure state for their entire lifetime and for every utilization. Sometimes, legacy or operational constraints do not even allow a fully secure information system to be realized at all. Therefore, the task of intrusion-detection systems is to monitor the usage of such systems and to detect the apparition of insecure states. They detect attempts and active misuse by legitimate users of the information systems or external parties to abuse their privileges or exploit security vulnerabilities. In this paper, we introduce a taxonomy of intrusion-detection systems that highlights the various aspects of this area. This taxonomy defines families of intrusion-detection systems according to their properties. It is illustrated by numerous examples from past and current projects. (C) 1999 Elsevier Science B.V. All rights reserved.