Welcome to the Intrusion Detection
System Homepage. This project is a collaboration with NCSU
and FIT.
If you have any questions regarding this project or if you want
to get involved, please contact Shlomo Hershkop
(shlomo@cs.columbia.edu).
Updates:
- Weekly Meetings for Spring 2003:
The meeting for the entire group takes place on Wednesday every
other week at 4pm. We will be sending out an email over the list. If you do
not receive this email, please contact Shlomo.
- An overview technical report summarizing our research is
available in the publication section of the website. It is called
"Real Time Data Mining-based Intrusion Detection". There is another
paper on "Adaptive Model Generation" which summarizes the systems
part of our research.
Description:
This project is a data-mining based approach to detecting
intruders in computer systems. The project approaches the
intrusion detection problem from a data-mining perspective. Large
quantities of data are collected from the system and analyzed to
build models of normal behavior and intrusion behavior. These
models are evaluated on data collected in real time to detect
intruders.
There are 12 subprojects which together compose the Intrusion
Detection System Project:
- HOBIDS - Host Based Intrusion Detection System.
- HAUNT - Network Based Intrusion Detection System.
- DIDS - Distributed Intrusion Detection System.
- DW-AMG - Data Warehousing and Adaptive Model Generation.
- MEF - Malicious Email Filter
- FWRAP - File System Wrappers
- ASIDS - Advanced Sensors for IDS
- TAG - The Attack Group
- IDSMODELS - Intrusion Detection Models Generation
- IDSWATCH - Intrusion Detection Visualization
- DuDE - Denial-of-Service Detection and Response System
- Response - Automated Intrusion Detection and
Response Rule-Based System
Before IDS, our group used to work on the
JAM project.
