Next-Generation Intrusion-Detection Expert System (NIDES)
NIDES is a comprehensive intrusion-detection system that performs real-time monitoring of user activity on multiple target systems connected via Ethernet. NIDES runs on its own workstation (the NIDES host) and analyzes audit data collected from various interconnected systems, searching for activity that may indicate unusual or malicious user behavior. Analysis is performed using two complementary detection units: a rule-based signature-analysis subsystem and a statistical profile-based anomaly-detection subsystem. The NIDES rule base employs expert rules to characterize known intrusive activity represented in activity logs, and raises alarms as matches are identified between the observed activity logs and the rule encodings. The statistical subsystem maintains historical profiles of usage per user and raises an alarm when observed activity departs from established patterns of usage for an individual. The alarms generated by the two analysis units are screened by a resolver component, which filters and displays warnings as necessary through the NIDES host X-window interface.
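The following is an added illustration of the two-unit architecture described above; it is example code written for this page, not NIDES source or its rule language. A signature unit matches expert rules against a constructed audit trail, a statistical unit compares each user's event counts against a constructed historical profile using a z-score, and a resolver deduplicates, filters by severity and orders the alarms for display. The audit records, profile history, administrator set, rule set and severity thresholds are all assumptions made for the example.

```python
"""Toy two-unit detector in the NIDES style (example code, not NIDES itself):
a rule-based signature unit and a statistical profile unit feed a resolver."""
import statistics
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alarm:
    source: str     # "signature" or "statistical"
    user: str
    severity: int   # 1 (low) .. 3 (high); scale is constructed for this example
    message: str


# Constructed audit trail (not real audit data): one day's events, oldest first.
AUDIT_RECORDS = [
    {"user": "alice", "event": "login", "status": "ok"},
    {"user": "alice", "event": "exec", "status": "ok"},
    {"user": "alice", "event": "exec", "status": "ok"},
    {"user": "bob", "event": "login", "status": "fail"},
    {"user": "bob", "event": "login", "status": "fail"},
    {"user": "bob", "event": "login", "status": "fail"},
    {"user": "bob", "event": "login", "status": "ok"},
    {"user": "bob", "event": "su_root", "status": "ok"},
] + [{"user": "bob", "event": "exec", "status": "ok"}] * 40

# Constructed historical profile: per user, daily counts of each event type on prior days.
HISTORY = {
    "alice": {"login": [1, 1, 2, 1, 1], "exec": [3, 2, 4, 3, 2]},
    "bob":   {"login": [1, 2, 1, 1, 1], "exec": [2, 3, 2, 3, 2]},
}
ADMINS = {"alice"}  # assumed set of users allowed to become root


def by_user(records):
    groups = defaultdict(list)
    for r in records:
        groups[r["user"]].append(r)
    return groups


# --- signature unit: expert rules matched against the activity log ---
def rule_bruteforce(user, events, min_failures=3):
    """min_failures consecutive failed logins followed by a successful one."""
    streak = 0
    for r in events:
        if r["event"] != "login":
            continue
        if r["status"] == "fail":
            streak += 1
            continue
        if streak >= min_failures:
            return Alarm("signature", user, 3, f"{streak} failed logins then success")
        streak = 0
    return None


def rule_unauthorized_su(user, events):
    """Successful su to root by a user outside the administrator set."""
    if user not in ADMINS and any(r["event"] == "su_root" and r["status"] == "ok" for r in events):
        return Alarm("signature", user, 3, "su to root by non-admin")
    return None


RULES = [rule_bruteforce, rule_unauthorized_su]


def signature_alarms(records):
    alarms = []
    for user, events in by_user(records).items():
        for rule in RULES:
            alarm = rule(user, events)
            if alarm:
                alarms.append(alarm)
    return alarms


# --- statistical unit: compare today's per-user counts with the historical profile ---
def statistical_alarms(records, history, z_threshold=3.0):
    alarms = []
    for user, events in by_user(records).items():
        today = Counter(r["event"] for r in events)
        profile = history.get(user, {})
        for feature, past in profile.items():
            mean = statistics.mean(past)
            sd = statistics.pstdev(past) or 1.0  # floor so a flat history still scores
            z = (today[feature] - mean) / sd
            if z > z_threshold:
                alarms.append(Alarm("statistical", user, 2,
                                    f"{feature} count {today[feature]} is {z:.1f} sd above profile mean {mean:.1f}"))
        for feature in today:  # event types the profile has never seen get a low-severity note
            if feature not in profile:
                alarms.append(Alarm("statistical", user, 1, f"event type {feature!r} not in profile"))
    return alarms


# --- resolver: screen the alarms from both units before display ---
def resolve(alarms, min_severity=2):
    """Drop duplicates and alarms below min_severity, then order for display."""
    kept = {a for a in alarms if a.severity >= min_severity}
    return sorted(kept, key=lambda a: (-a.severity, a.user, a.source, a.message))


def run(records=AUDIT_RECORDS, history=HISTORY):
    return resolve(signature_alarms(records) + statistical_alarms(records, history))


if __name__ == "__main__":
    for a in run():
        print(f"[{a.source:11}] sev={a.severity} user={a.user}: {a.message}")
```

Running the script prints four screened alarms, all for `bob`: two from the signature unit (the failed-login burst and the root escalation) and two from the statistical unit (login and exec counts far above his profile); the low-severity "unseen event type" note is filtered out by the resolver, and `alice`, whose day matches her profile, raises nothing.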
NIDES evolved into the EMERALD project. Principal Investigator: