Databases and Information Systems Commons^™

Heuristics For Improved Enterprise Intrusion Detection, James J. Treinen

Electronic Theses and Dissertations

One of the greatest challenges facing network operators today is the identification of malicious activity on their networks. The current approach is to deploy a set of intrusion detection sensors (IDSs) in various locations throughout the network and on strategic hosts. Unfortunately, the available intrusion detection technologies generate an overwhelming volume of false alarms, making the task of identifying genuine attacks nearly impossible. This problem is very difficult to solve even in networks of nominal size. The task of uncovering attacks in enterprise class networks quickly becomes unmanageable.

Research on improving intrusion detection sensors is ongoing, but given the nature …