TABLE OF CONTENTS

ACKNOWLEDGMENTS ... iii
ABSTRACT ... vii

CHAPTER

1 INTRODUCTION ... 1
  1.1 Problem Definition ... 1
  1.2 Extended Generic Intrusion Detection Model ... 2
  1.3 Organization of the Thesis ... 2

2 INTRUSION DETECTION SYSTEMS ... 4
  2.1 Introduction ... 4
  2.2 Types of Intruders ... 4
  2.3 Approaches to Intrusion Detection ... 4
    2.3.1 Anomaly Detection ... 5
    2.3.2 Misuse Detection ... 5
  2.4 Types of Intrusion Detection Systems ... 6
    2.4.1 Network Intrusion Detection ... 6
    2.4.2 Host-based Intrusion Detection ... 6
    2.4.3 Hybrid Intrusion Detection ... 6
    2.4.4 Network-Node Intrusion Detection ... 7
  2.5 Issues with Intrusion Detection System ... 7
  2.6 Other Intrusion Detection Systems ... 8
    2.6.1 AAFID (Autonomous Agents for Intrusion Detection) ... 8
    2.6.2 EMERALD (Event Monitoring Enabling Responses to Anomalous Live Disturbances) ... 9
    2.6.3 GrIDS (A Graph Based Intrusion Detection System for Large Networks) ... 11
  2.7 Recent Advances in Intrusion Detection ... 12
    2.7.1 Mobile Agent Technology ... 12
    2.7.2 Other Technologies in Intrusion Detection ... 14
  2.8 Trends in Intrusion Detection ... 17
  2.9 Summary ... 18

3 ARCHITECTURE ... 19
  3.1 Base Architecture ... 19
    3.1.1 Detectors ... 20