Conventional intrusion detection models profile entities in the domain. Users, groups of users, files, computers etc are examples of such entities. This works well in the case of Host based intrusion detection. However, in a network profiling physical entities is not very practical. In this research, we propose to extend the conventional intrusion detection model where abstract entities are profiled. These abstract entities are groups of entities or 'aggregates' in the domain. Meta-profiles of these abstract entities can be used effectively to carry out intrusion detection in networks. We have carried out case studies to show the efficacy of the proposed model.
展开▼
