There is widespread concern that large-scale malicious attacks on computer networks could cause serious disruption to network services. We present the design of GrIDS (Graph-Based Intrusion Detection System). GrIDS collects data about activity on computers and network traffic between them. It aggregates this information into activity graphs which reveal the causal structure of network activity. This allows large-scale automated or co-ordinated attacks to be detected in near real-time. In addition, GrIDS allows network administrators to state policies specifying which users may use particular services of individual hosts or groups of hosts. By analyzing the characteristics of the activity graphs, GrIDS detects and reports violations of the stated policy. GrIDS uses a hierarchical reduction scheme for the graph construction, which allows it to scale to large networks. An early prototype of GrIDS has successfully detected a worm attack.

Semantic Scholar estimates that this publication has 467 citations based on the available data.

Cite this paper

@inproceedings{StanifordChen1996GrIDSAGB, title={GrIDS -- A GRAPH BASED INTRUSION DETECTION SYSTEM FOR LARGE NETWORKS}, author={Stuart Staniford-Chen and Sammy Cheung and Rick Crawford and Mark Dilger and Jordan Frank and James A. Hoagland and K. Levitt and C. Wee and Romeo Yip and Dan Zerkle}, year={1996} }