Information & Computing Sciences

 
System Design Laboratory


Projects: Intrusion Detection
 
Next-Generation Intrusion Detection Expert System (NIDES)

NIDES is a comprehensive intrusion-detection system that performs real-time monitoring of user activity on multiple target systems connected via Ethernet. NIDES runs on its own workstation (the NIDES host) and analyzes audit data collected from various interconnected systems, searching for activity that may indicate unusual and/or malicious user behavior. Analysis is performed using two complementary detection units: a rule-based signature analysis subsystem and a statistical profile-based anomaly-detection subsystem. The NIDES rule base employs expert rules to characterize known intrusive activity represented in activity logs, and raises alarms as matches are identified between the observed activity logs and the rule encodings. The statistical subsystem maintains historical profiles of usage per user and raises an alarm when observed activity departs from established patterns of usage for an individual. The alarms generated by the two analysis units are screened by a resolver component, which filters and displays warnings as necessary through the NIDES host X-window interface.
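The data flow described above (two analysis units feeding a resolver), as an added sketch that is not NIDES code. The audit records, the single rule, the CPU-seconds measure, and the z-score test with its threshold are all constructed assumptions standing in for the expert rule base and statistical profiles, whose details this page does not give.

```python
from statistics import mean, pstdev

# Constructed per-user history of CPU seconds per session (the "profile").
HISTORY = {"alice": [2.0, 2.5, 1.8, 2.2, 2.4], "bob": [30.0, 28.0, 35.0, 31.0, 29.0]}

# Constructed audit records collected from two target hosts.
AUDIT = [
    {"id": 1, "user": "alice", "host": "hostA", "failed_logins": 1, "cpu": 2.1},
    {"id": 2, "user": "alice", "host": "hostA", "failed_logins": 0, "cpu": 31.0},
    {"id": 3, "user": "bob", "host": "hostB", "failed_logins": 0, "cpu": 31.0},
    {"id": 4, "user": "bob", "host": "hostB", "failed_logins": 6, "cpu": 300.0},
    {"id": 5, "user": "alice", "host": "hostA", "failed_logins": 0, "cpu": 29.0},
]

# Hypothetical expert rules: name -> predicate over one audit record.
RULES = {"repeated-login-failure": lambda r: r["failed_logins"] >= 5}

def rule_unit(rec):
    """Signature analysis: alarm for every rule the record matches."""
    return [f"rule:{name}" for name, pred in RULES.items() if pred(rec)]

def stat_unit(rec, z_limit=3.0):
    """Anomaly detection: alarm when CPU use departs from the user's own profile."""
    hist = HISTORY.get(rec["user"], [])
    if len(hist) < 2:          # no usable profile yet, so nothing to compare with
        return []
    mu, sigma = mean(hist), pstdev(hist)
    dev = abs(rec["cpu"] - mu)
    z = dev / sigma if sigma else (float("inf") if dev else 0.0)
    return ["stat:cpu"] if z > z_limit else []

def resolver(records):
    """Merge both units' alarms per record and drop repeats of the same warning."""
    warnings, seen = [], set()
    for rec in records:
        reasons = rule_unit(rec) + stat_unit(rec)
        key = (rec["user"], tuple(reasons))
        if reasons and key not in seen:
            seen.add(key)
            warnings.append({"id": rec["id"], "user": rec["user"],
                             "host": rec["host"], "reasons": reasons})
    return warnings

if __name__ == "__main__":
    for w in resolver(AUDIT):
        print(w)
```

Records 2 and 3 carry the same CPU value, yet only alice's is flagged, because each record is compared with that user's own history; record 5 repeats alice's anomaly and is filtered by the resolver.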

Information:

Principal Investigator: Phillip Porras

Recent Publications:

NIDES has evolved into the EMERALD project.


