Towards a taxonomy of intrusion-detection systems

Intrusion detection systems aim at detecting attacks against computer systems and networks or against information systems in general as it is di cult to provide provably secure information systems and maintain them in such a secure state for their entire lifetime and for every utilization Sometimes legacy or operational con straints do not even allow a fully secure information system to be realized at all Therefore the task of intrusion detection systems is to monitor the usage of such systems and to detect the apparition of insecure states They detect attempts and active misuse by legitimate users of the information systems or external parties to abuse their privileges or exploit security vulnerabilities In this paper we introduce a taxonomy of intrusion detection systems that highlights the various aspects of this area This taxonomy de nes families of intrusion detection systems according to their properties It is illustrated by numerous examples from past and current projects