Abstract
Detecting intruders on computer networks appears to be as much an art as it is a science. Most network intrusion detection (NID) tools available nowadays tend to search for patterns in the network stream that match specific intruder activity. But is it possible to catch intruders by looking at network data in a more general way?
Some recent research shows that by devising careful measurements of network activity, we can detect malicious activity based solely on the metrics of certain network data. This talk will discuss some of the implications of this work, and present the work being done in this area with the Fuzzy Intrusion Recognition Engine (FIRE) at ISU. It will also discuss some techniques that the FIRE project has been using to visualize intrusions.