Publication details

Home Publication details

A conceptual architecture for real-time intrusion monitoring
Furnell SM, Haskell-Dowland PS (Dowland PS)
Information Management and Computer Security, vol. 8, no. 2, pp65-74, 2000
Download links:  Download PDF

The detection and prevention of authorised activities, by both external parties and internal personnel, is an important issue within IT systems. Traditional methods of user authentication and access control do not provide comprehensive protection and offer opportunities for compromise by various classes of abuser. A potential solution is provided in the form of intrusion detection systems, which are able to provide proactive monitoring of system activity and apply automatic responses in the event of suspected problems.

The paper presents the principles of intrusion monitoring and then proceeds to describe the conceptual architecture of the Intrusion Monitoring System (IMS), an approach that is the focus of current research and development by the authors. The main functional elements of the IMS architecture are described, followed by thoughts regarding the practical implementation and the associated advantages (and potential disadvantages) that this would deliver. It is concluded that whilst an IMS-type approach would not represent a total replacement for conventional controls, it would represent an effective means to complement the protection already provided

Furnell SM, Haskell-Dowland PS (Dowland PS)