Appendix C: Intrusion Detection Glossary


[A]

Active Attack

An attack that results in an unauthorized state change, such as the manipulation of files or the adding of unauthorized files.

Administrative Security

The management constraints and supplemental controls established to provide an acceptable level of protection for data.

AIS

Automated Information System—any equipment of an interconnected system or subsystem that is used in the automatic acquisition, storage, manipulation, control, display, transmission, or reception of data; includes software, firmware, and hardware.

Alert

A formatted message describing a circumstance relevant to network security. Alerts are often derived from critical audit events.

Ankle-Biter

A person who aspires to be a hacker/cracker, but has very limited knowledge or skills related to AISs; usually associated with young teens who collect and use simple malicious programs obtained from the Internet.

Anomaly Detection Model

A model where intrusions are detected by looking for activity that is different from the user's or system's normal behavior.

Application Level Gateway

A firewall system in which service is provided by processes that maintain complete TCP connection state and sequencing. Application level firewalls often re-address traffic so that outgoing traffic appears to have originated from the firewall, rather than the internal host.

ASIM

Automated Security Incident Measurement—Monitors network traffic and collects information on targeted unit networks by detecting unauthorized network activity.

Assessment

Surveys and inspections; an analysis of the vulnerabilities of an AIS. An information acquisition and review process designed to assist a customer in determining how best to use resources to protect information in systems.

Assurance

A measure of confidence that the security features and architecture of an AIS accurately mediate and enforce the security policy.

Attack

An attempt to bypass security controls on a computer. The attack may alter, release, or deny data. Whether an attack will succeed depends on the vulnerability of the computer system and the effectiveness of existing countermeasures.

Audit

The independent examination of records and activities to ensure compliance with established controls, policies, and operational procedures, and to recommend any indicated changes in controls, policy, or procedures.

Audit Trail

In computer security systems, a chronological record of system-resource usage. This includes user login, file access, various other activities, and whether any actual or attempted security violations occurred, both legitimate and unauthorized.

Authenticate

To establish the validity of a claimed user or object.

Authentication

To positively verify the identity of a user, device, or other entity in a computer system, often as a prerequisite to allowing access to resources in a system.

Authentication Header (AH)

A field that immediately follows the IP header in an IP datagram and provides authentication and integrity checking for the datagram.

Automated Security Monitoring

All security features needed to provide an acceptable level of protection for hardware, software, and classified, sensitive, unclassified, or critical data, material, or processes in the system.

Availability

Assuring information and communications services will be ready for use when expected.




Investigative Data Mining for Security and Criminal Detection
ISBN: 0750676132
EAN: 2147483647
Year: 2005
Pages: 232
Authors: Jesus Mena
