To read the full version of this content please select one of the options below:

A conceptual architecture for real‐time intrusion monitoring

Steven M. Furnell (School of Electronic, Communication and Electrical Engineering, University of Plymouth, Plymouth, UK)
Paul S. Dowland (School of Electronic, Communication and Electrical Engineering, University of Plymouth, Plymouth, UK)

Information Management & Computer Security

ISSN: 0968-5227

Article publication date: 1 May 2000

Abstract

The detection and prevention of authorised activities, by both external parties and internal personnel, is an important issue within IT systems. Traditional methods of user authentication and access control do not provide comprehensive protection and offer opportunities for compromise by various classes of abuser. A potential solution is provided in the form of intrusion detection systems, which are able to provide proactive monitoring of system activity and apply automatic responses in the event of suspected problems. This paper presents the principles of intrusion monitoring and then proceeds to describe the conceptual architecture of the Intrusion Monitoring System (IMS), an approach that is the focus of current research and development by the authors. The main functional elements of the IMS architecture are described, followed by thoughts regarding the practical implementation and the associated advantages (and potential disadvantages) that this would deliver. It is concluded that whilst an IMS‐type approach would not represent a total replacement for conventional controls, it would represent an effective means to complement the protection already provided.

Keywords

Citation

Furnell, S.M. and Dowland, P.S. (2000), "A conceptual architecture for real‐time intrusion monitoring", Information Management & Computer Security, Vol. 8 No. 2, pp. 65-75. https://doi.org/10.1108/09685220010321317

Publisher

:

MCB UP Ltd

Copyright © 2000, MCB UP Limited