Design and implementation of intrusion detection systems remain an important research issue in order to maintain proper network security. Despite the undeniable progress in the area of computer security there is still much to be done to improve security of today’s computer systems and so many mechanisms have been developed to assure its security.
These systems are vulnerable to attacks from both non-authorized users (outsider’s attacks) as well as attacks from authorized users (insiders’ attacks) who abuse their privileges. Many researches have proved that more than 60% of the attacks come from the inside of the computer systems.
In the previous article [1], we have proposed an exact algorithm for the deployment of security policies for single computer systems but in this paper, we will propose an approach for complex computer systems, base on a three levels security policy. Each level will protect the computer system from both outsiders’ attacks and insiders’ attacks. This global security policy will allow the administrator of the security systems not only to detect attacks, but also to warn him about this intrusion and forbid access to the whole networks.