ABSTRACT

Audit trails were originally designed for accounting purposes, not as an aid to security. In 1986, however, Dorothy Denning presented a paper at the IEEE Conference on Security and Privacy in which she described how audit trail data could be used to enhance the security of a computer system [7.2, 7.3]. Since that time, several research projects have resulted in programs that use a system’s audit trail to help detect intrusive activities. These systems, known as Intrusion Detection Systems (IDS), have been extended to work in networked environments, though mostly limited ones. This chapter examines this relatively new field in computer security and reviews several current systems to see how intrusive activity can be detected.