A Building Block Approach to Intrusion Detection

Authors: Benjamin A. Kuperman, Mark J. Crosbie

DOI:

Keywords:

Abstract: This paper details the design and implementation of a host-based intrusion detection system (Hewlett-Packard's Praesidium IDS/9000) and of a specialized kernel data source which supplies customized data to the IDS. Instead of the common attack-signature matching used in most other systems, IDS/9000 performs real-time monitoring looking for misuse actions that are indicative of either an attack or a policy violation. These actions are called building blocks. As part of the implementation, a new data source was developed specifically to aid detection. We describe the desired characteristics of an Intrusion Detection Data Source (IDDS), which is provided separately from the normal C2 audit subsystem. This auditing subsystem provides records tailored to the needs of the intrusion detection system. Performance measurements are provided, and we also discuss some alternative uses that were discovered during the testing phase.
