La détection d'intrusions: Les outils doivent coopérer

Ludovic Mé.; Zakia Marrakchi; Cédric Michel; Hervé Debar; Frédéric Cuppens

doi:10.3845/ree.2001.054

La détection d'intrusions: Les outils doivent coopérer

Ludovic Mé.
, Zakia Marrakchi
, Cédric Michel
, Hervé Debar
, Frédéric Cuppens

Research output: Contribution to journal › Article › peer-review

Abstract

Intruder detection systems seek to detect all violations of the security policy applied to a data processing system. The systems work by analysing all events occurring in the system, either in real time or in batch mode. Two main approaches are used, a scenario based approach (misuse detection) and a behavioural approach (anomaly detection). Each of the two approaches has its own strengths and weaknesses, and these are reflected in the tools that make use of them. The article aims to demonstrate to need for cooperation between intruder detection tools in order to combine the strengths and eliminate the weaknesses.

Original language	French
Pages (from-to)	56-59
Number of pages	4
Journal	REE, Revue de L'Electricite et de L'Electronique
Issue number	5
DOIs	https://doi.org/10.3845/ree.2001.054
Publication status	Published - 1 Jan 2001
Externally published	Yes

Access to Document

10.3845/ree.2001.054

Cite this

@article{ade82645f9684a7aabfc21cf12b65517,

title = "La d{\'e}tection d'intrusions: Les outils doivent coop{\'e}rer",

abstract = "Intruder detection systems seek to detect all violations of the security policy applied to a data processing system. The systems work by analysing all events occurring in the system, either in real time or in batch mode. Two main approaches are used, a scenario based approach (misuse detection) and a behavioural approach (anomaly detection). Each of the two approaches has its own strengths and weaknesses, and these are reflected in the tools that make use of them. The article aims to demonstrate to need for cooperation between intruder detection tools in order to combine the strengths and eliminate the weaknesses.",

author = "Ludovic M{\'e}. and Zakia Marrakchi and C{\'e}dric Michel and Herv{\'e} Debar and Fr{\'e}d{\'e}ric Cuppens",

year = "2001",

month = jan,

day = "1",

doi = "10.3845/ree.2001.054",

language = "Fran{\c c}ais",

pages = "56--59",

journal = "REE, Revue de L'Electricite et de L'Electronique",

issn = "1265-6534",

number = "5",

}

TY - JOUR

T1 - La détection d'intrusions

T2 - Les outils doivent coopérer

AU - Mé., Ludovic

AU - Marrakchi, Zakia

AU - Michel, Cédric

AU - Debar, Hervé

AU - Cuppens, Frédéric

PY - 2001/1/1

Y1 - 2001/1/1

N2 - Intruder detection systems seek to detect all violations of the security policy applied to a data processing system. The systems work by analysing all events occurring in the system, either in real time or in batch mode. Two main approaches are used, a scenario based approach (misuse detection) and a behavioural approach (anomaly detection). Each of the two approaches has its own strengths and weaknesses, and these are reflected in the tools that make use of them. The article aims to demonstrate to need for cooperation between intruder detection tools in order to combine the strengths and eliminate the weaknesses.

AB - Intruder detection systems seek to detect all violations of the security policy applied to a data processing system. The systems work by analysing all events occurring in the system, either in real time or in batch mode. Two main approaches are used, a scenario based approach (misuse detection) and a behavioural approach (anomaly detection). Each of the two approaches has its own strengths and weaknesses, and these are reflected in the tools that make use of them. The article aims to demonstrate to need for cooperation between intruder detection tools in order to combine the strengths and eliminate the weaknesses.

U2 - 10.3845/ree.2001.054

DO - 10.3845/ree.2001.054

M3 - Article

AN - SCOPUS:24044465916

SN - 1265-6534

SP - 56

EP - 59

JO - REE, Revue de L'Electricite et de L'Electronique

JF - REE, Revue de L'Electricite et de L'Electronique

IS - 5

ER -