Graph-based Intrusion Detection System (GrIDS)

Overview

GrIDS is designed to detect large-scale automated attacks on networked systems. The mechanism we propose is to build activity graphs that approximately represent the causal structure of large-scale distributed activity: which host's actions led to which other hosts' actions.

The nodes of an activity graph correspond to hosts in a system, while edges in the graph correspond to network activity between those hosts. As activity is observed in a monitored network, graphs representing that activity are built incrementally. These graphs are then compared against known patterns of intrusive or hostile activity; if a graph is sufficiently similar to a pattern, a warning is generated (or, where configured, a reaction is triggered).
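The following Python script is an added illustration of the idea described above; it is not GrIDS code and does not reproduce the project's rule language. It builds an activity graph from a constructed list of connection events, follows edges in causal order (a connection out of a host counts as caused by the connection that reached that host if it occurs within a configurable window afterwards), and then matches the resulting tree against one hypothetical pattern: a worm-like spread in which one origin host's causal tree grows wide and deep. The host names, port numbers, window and thresholds are all assumptions chosen for the example.

```python
from collections import defaultdict

# Constructed sample connection events: (timestamp_seconds, src, dst, dport).
# Hosts h1..h10 form a spreading pattern; c1 -> web -> db is a benign three-tier request.
EVENTS = [
    (0.0, "h1", "h2", 445), (0.5, "h1", "h3", 445), (1.0, "h1", "h4", 445),
    (2.0, "h2", "h5", 445), (2.5, "h2", "h6", 445),
    (3.0, "h3", "h7", 445), (3.5, "h3", "h8", 445),
    (4.0, "h5", "h9", 445), (4.5, "h5", "h10", 445),
    (10.0, "c1", "web", 443), (10.1, "web", "db", 5432),
]

# Hypothetical pattern: an activity tree rooted at one host that reaches at least
# min_hosts hosts and is at least min_depth hops deep, with edges chained causally
# only if they occur within `window` seconds of the connection that reached their source.
WORM_PATTERN = {"min_hosts": 6, "min_depth": 3, "window": 5.0}


def build_activity_graph(events):
    """Nodes are hosts, edges are observed connections.
    Returns adjacency list: src -> list of (timestamp, dst, dport)."""
    graph = defaultdict(list)
    for ts, src, dst, dport in events:
        graph[src].append((ts, dst, dport))
    return graph


def causal_tree(graph, root, start_ts, window):
    """Breadth-first walk from `root`, following only edges that leave a host
    within `window` seconds after the connection that reached it.
    Returns (set of hosts reached, depth of the tree in hops)."""
    reached = {root}
    depth = 0
    frontier = [(root, start_ts)]
    while frontier:
        next_frontier = []
        for host, reached_at in frontier:
            for ts, dst, _dport in graph.get(host, []):
                if reached_at <= ts <= reached_at + window and dst not in reached:
                    reached.add(dst)
                    next_frontier.append((dst, ts))
        if next_frontier:
            depth += 1
        frontier = next_frontier
    return reached, depth


def match_patterns(graph, pattern):
    """Compare the causal tree rooted at every host against the pattern.
    Returns a list of (origin_host, hosts_reached, depth) for each match."""
    alerts = []
    for root, edges in graph.items():
        start = min(ts for ts, _, _ in edges)  # root's earliest outgoing connection
        hosts, depth = causal_tree(graph, root, start, pattern["window"])
        if len(hosts) >= pattern["min_hosts"] and depth >= pattern["min_depth"]:
            alerts.append((root, len(hosts), depth))
    return alerts


if __name__ == "__main__":
    activity_graph = build_activity_graph(EVENTS)
    for origin, size, depth in match_patterns(activity_graph, WORM_PATTERN):
        print(f"WARNING: worm-like spread from {origin}: {size} hosts, depth {depth}")
```

Only h1 produces a warning: its tree reaches ten hosts over three hops inside the window, whereas the subtrees rooted at h2 or h5 and the benign c1 -> web -> db chain are too small or too shallow. The thresholds decide the trade-off between missed slow spreads and false alarms on busy servers, and would be tuned per network.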

The GrIDS project is part of UC Davis's Intrusion Detection for Large Networks project, which is funded by ARPA.

Additional Information

Papers

Presentations

Personnel

Faculty

Staff

Students