An Approach to UNIX Security Logging

Authors: Ulf Gustafson, Ulf Lindqvist, Erland Jonsson, Stefan Axelsson

Abstract: Off-line intrusion detection systems rely on logged data. However, the logging mechanism may be complicated and time-consuming, and the amount of data tends to be very large. To counter these problems we suggest a simple, cheap method, light-weight logging. It can easily be implemented on a Unix system, particularly on the Solaris operating system from Sun. It is based on logging every invocation of the exec(2) call together with its arguments. We use realistic experiments to show the benefits of the proposed method, in particular that this method consumes as little resources as comparable methods, while still being more effective.
