System Health and Intrusion Monitoring Using a Hierarchy of Constraints

Authors: Calvin Ko, Paul Brutch, Jeff Rowe, Guy Tsafnat, Karl Levitt

DOI: 10.1007/3-540-45474-8_12

Keywords:

Abstract: This paper presents a new approach to run-time security monitoring that can detect system abnormalities including attacks, faults, or operational errors. The approach, System Health and Intrusion Monitoring (SHIM), employs a hierarchy of constraints to describe correct operation at various levels of abstraction. The constraints capture the static behavior, dynamic behavior, and time-critical behavior of a system. A system in execution will be monitored for violation of the constraints, which may indicate potential problems. SHIM is based on specification-based intrusion detection, but it attempts to provide a systematic framework for developing specifications/constraints. SHIM does not directly detect the intrusive actions of an attack, but their manifestations as violations of the constraints. In this paper, we describe the constraint model and methodology. In addition, we present preliminary results on constraints developed for host programs and network protocols. By bounding the behavior of system components at different levels of abstraction, SHIM has a high chance of detecting many types of attacks and their variants.
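To make the idea of a constraint hierarchy concrete, here is an added toy monitor (not code from the paper or its authors) that checks a constructed execution trace of a privileged program against three constraint levels: a static per-event constraint, a dynamic ordering constraint, and a time-critical bound. The event schema, the allowed-write set and the 5-second run bound are assumptions made up for the example.

```python
from dataclasses import dataclass


@dataclass
class Event:
    t: float       # seconds since start of the run (constructed timestamps)
    op: str        # "open", "write", "setuid", "exec" or "exit"
    arg: str = ""  # path, program name or new uid
    uid: int = 0   # effective uid in force after this event


def check_static(ev, allowed=frozenset({"/var/log/app.log"})):
    """Static constraint: a write while running as root may only touch allowed files."""
    if ev.op == "write" and ev.uid == 0 and ev.arg not in allowed:
        return f"static: root write outside allowed set: {ev.arg}"
    return None


def check_dynamic(trace):
    """Dynamic constraint: exec is permitted only after privilege has been dropped."""
    violations, dropped = [], False
    for ev in trace:
        if ev.op == "setuid" and ev.uid != 0:
            dropped = True
        if ev.op == "exec" and not dropped:
            violations.append(f"dynamic: exec {ev.arg} before privilege drop at t={ev.t}")
    return violations


def check_timing(trace, max_run=5.0):
    """Time-critical constraint: the whole run must finish within max_run seconds."""
    if trace and trace[-1].t - trace[0].t > max_run:
        return [f"timing: run took {trace[-1].t - trace[0].t:.1f}s > {max_run}s"]
    return []


def monitor(trace):
    """Apply the hierarchy; an empty list means no constraint was violated."""
    found = [m for ev in trace if (m := check_static(ev))]
    return found + check_dynamic(trace) + check_timing(trace)


# Constructed traces: a healthy run and one whose manifestations violate every level.
GOOD = [Event(0.0, "open", "/etc/passwd", 0), Event(0.1, "write", "/var/log/app.log", 0),
        Event(0.2, "setuid", "1000", 1000), Event(0.3, "exec", "/bin/ls", 1000),
        Event(0.5, "exit", "", 1000)]
BAD = [Event(0.0, "open", "/etc/passwd", 0), Event(0.1, "write", "/etc/passwd", 0),
       Event(0.2, "exec", "/bin/sh", 0), Event(9.0, "exit", "", 0)]

if __name__ == "__main__":
    print("good:", monitor(GOOD))
    print("bad:", monitor(BAD))
```

Note that none of the constraints names an attack: the monitor reports only violations of expected behavior, which is why variants of the same misuse are caught by the same rules.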
