Next Generation Intrusion Detection Expert System (NIDES)

1. Next Generation Intrusion Detection Expert System (NIDES)

2. Components of NIDES • Persistent Storage • Agen • ArPool • Statistical Analysis Component • Rule Based Analysis Component • Resolver • Archiver • Batch Analysis • User Interface

3. Persistent Storage • It contains : • Audit Record Archieve • Result Archive • User Statistical Profile • Analysis Configuration

4. Statistical Analysis Component • Maintains Historical Statistical Profile For each user • Updated Regularly • Detects Anomaly

5. Rule Based Analysis Component • Detects known intrusion types • Detects intruders who are in violation of site security policy.

6. NIDES Process Graph : Target Host 1 Target Host N Target auditing system Native format audit data Target auditing system Native format audit data agen agen NIDES format audit data NIDES format audit data Arpool NIDES format audit data NIDES format audit data Statistical Analysis Rule based Analysis Statistical Analysis Results Rule based Analysis Results Resolver Resolved Analysis Results User Interface