A conceptual intrusion monitoring architecture and thoughts on practical implementation
The paper presents a conceptual description of the Intrusion Monitoring System (IMS) architecture, which is designed to facilitate detection of system penetration and other anomalous activity in a networked environment. The architecture is based upon eight functional elements, distributed between a monitoring host and a series of monitored client systems. The discussion also considers how the approach could be integrated within the Windows NT environment.
Haskell-Dowland PS (Dowland PS), Furnell SM