Continual repair for windows using the event log

Authors: James C. Reynolds, Lawrence A. Clough

DOI: 10.1145/1036921.1036932

Keywords: Computer science, Intrusion prevention system, Audit, Event (computing), Survivability, Anomaly-based intrusion detection system, Host (network), Computer security, Interface (Java), Intrusion detection system, Window (computing), Host-based intrusion detection system

Abstract: There is good reason to base intrusion detection on data from the host. Unfortunately, most operating systems do not provide all of the needed data in readily available logs. Ironically, perhaps, Windows NT and its successor, Windows 2000, provide much of the necessary data, at least for security events. We have developed a host-based detector for these platforms that meets generally accepted criteria for an Intrusion Detection System. Its architecture is sufficiently flexible to meet those criteria largely by relying on native mechanisms. Where there are identified gaps in the event log, they can be filled by other sensors using the same event-logging interface. The IDS will also terminate unauthorized processes, delete files, and restore deleted or modified files continually, without the lengthy recovery that normally follows a compromise. We call this feature Continual Repair. It is an existence proof that self-regenerative systems are possible.
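The detect-and-repair loop the abstract describes, written out as an added example; this is not the authors' code and makes no claim about how their IDS is implemented. It assumes constructed audit records shaped like pre-Vista Windows Security log entries (event 592 "A new process has been created", event 560 "Object Open"), a constructed process allowlist, and a baseline snapshot of protected files taken while the host is trusted. A process-creation record whose image is not on the allowlist yields a "terminate" decision (only the decision is returned; no process is actually killed here), and a write or delete access to a protected file triggers a repair pass that restores any file whose hash no longer matches the baseline.

```python
import hashlib
import os
import shutil
import tempfile
from dataclasses import dataclass, field

# Pre-Vista Windows Security log event IDs (NT 4 / 2000). The records built
# below are constructed for this example, not captured from a real host.
PROCESS_CREATED = 592   # "A new process has been created"
OBJECT_OPEN = 560       # "Object Open" (file, registry key, ...)

# Access-mask names that can change or remove a file's contents.
WRITE_ACCESS = {"WriteData", "AppendData", "DELETE"}


@dataclass
class Event:
    event_id: int
    fields: dict


@dataclass
class Baseline:
    """SHA-256 of every protected file plus a clean copy kept in backup_dir."""
    protected_dir: str
    backup_dir: str
    hashes: dict = field(default_factory=dict)


def sha256_file(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def take_baseline(protected_dir, backup_dir):
    """Snapshot the protected directory while the host is still trusted."""
    base = Baseline(protected_dir, backup_dir)
    os.makedirs(backup_dir, exist_ok=True)
    for name in os.listdir(protected_dir):
        src = os.path.join(protected_dir, name)
        if os.path.isfile(src):
            shutil.copy2(src, os.path.join(backup_dir, name))
            base.hashes[src] = sha256_file(src)
    return base


def repair(baseline):
    """Continual-repair step: put back every protected file that is missing or
    whose hash differs from the baseline. Returns the paths that were restored."""
    restored = []
    for path, good_hash in baseline.hashes.items():
        if not os.path.exists(path) or sha256_file(path) != good_hash:
            backup = os.path.join(baseline.backup_dir, os.path.basename(path))
            shutil.copy2(backup, path)
            restored.append(path)
    return restored


def decide(event, allowed_images, baseline):
    """Map one audit record to an action: unlisted process -> terminate,
    write/delete on a protected file -> repair, anything else -> ignore."""
    if event.event_id == PROCESS_CREATED:
        image = event.fields.get("Image File Name", "").lower()
        if image not in allowed_images:
            return ("terminate", event.fields.get("New Process ID"))
    elif event.event_id == OBJECT_OPEN:
        obj = event.fields.get("Object Name", "")
        if obj in baseline.hashes and WRITE_ACCESS & set(event.fields.get("Accesses", [])):
            return ("repair", obj)
    return ("ignore", None)


def run(events, allowed_images, baseline):
    """Process records in log order; returns (action, target, restored_paths)."""
    actions = []
    for ev in events:
        action, target = decide(ev, allowed_images, baseline)
        restored = repair(baseline) if action == "repair" else []
        actions.append((action, target, restored))
    return actions


def demo():
    """Constructed scenario: a protected config file is overwritten, then the
    audit records for a rogue process and the write are processed."""
    root = tempfile.mkdtemp()
    protected = os.path.join(root, "protected")
    os.makedirs(protected)
    cfg = os.path.join(protected, "service.cfg")
    with open(cfg, "w") as fh:
        fh.write("port=443\n")
    baseline = take_baseline(protected, os.path.join(root, "backup"))
    with open(cfg, "w") as fh:          # tampering that the IDS must undo
        fh.write("port=31337\n")
    events = [                          # constructed records, newest last
        Event(PROCESS_CREATED, {"New Process ID": 1234,
                                "Image File Name": r"c:\winnt\system32\lsass.exe"}),
        Event(PROCESS_CREATED, {"New Process ID": 4321,
                                "Image File Name": r"c:\temp\nc.exe"}),
        Event(OBJECT_OPEN, {"Object Name": cfg,
                            "Accesses": ["WriteData", "SYNCHRONIZE"]}),
    ]
    allowed = {r"c:\winnt\system32\lsass.exe"}   # constructed allowlist
    actions = run(events, allowed, baseline)
    with open(cfg) as fh:
        content_after = fh.read()
    shutil.rmtree(root)
    return actions, content_after


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

The allowlist and baseline are the trust anchors: if either is captured after compromise, the loop will faithfully "repair" the host back into the attacker's state, so in practice both must be created from known-good media and stored where the monitored host cannot write to them.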
