Issue No. 04 - April (2002 vol. 35)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MC.2002.10036
Richard A. Kemmerer , Reliable Software Group, Computer Science Department, University of California Santa Barbara
Giovanni Vigna , Reliable Software Group, Computer Science Department, University of California Santa Barbara
Suppose a strange man is standing in front of your house. He looks around, studying the surroundings, and then goes to the front door and starts turning the knob. The door is locked. He moves to a nearby window and gently tries to open it. It, too, is locked. It seems your house is secure. So why install an alarm?<p>This question is often asked of intrusion detection advocates. Why bother detecting intrusions if you?ve installed firewalls, patched operating systems, and checked passwords for soundness? The answer is simple: because intrusions still occur. Just as people sometimes forget to lock a window, for example, they sometimes forget to correctly update a firewall?s rule set. </p><p>Even with the most advanced protection, computer systems are still not 100 percent secure. In fact, most computer security experts agree that, given user-desired features such as network connectivity, we?ll never achieve the goal of a completely secure system. As a result, we must develop intrusion detection techniques and systems to discover and react to computer attacks. </p>
G. Vigna and R. A. Kemmerer, "Intrusion Detection: A Brief History and Overview (Supplement to Computer Magazine)," in Computer, vol. 35, no. , pp. 27-30, 2002.