A Software Architecture to Support Misuse Intrusion Detection

Authors: Eugene H. Spafford, Sandeep Kumar

Abstract: Misuse Intrusion Detection has traditionally been understood in the literature as the detection of specific, precisely representable techniques of computer system abuse. Pattern matching is well disposed to the representation and detection of such abuse. Each specific method of abuse can be represented as a pattern, and many of these can be matched simultaneously against the audit logs generated by the kernel. Using relatively high-level patterns to specify abuse relieves the pattern writer from having to understand and encode the intricacies of pattern matching into a misuse detector. Patterns represent a declarative way of specifying what needs to be detected, instead of specifying how it should be detected. We have devised a model based on Colored Petri Nets specifically targeted for intrusion detection. In this paper we present a software architecture for structuring a pattern matching solution to misuse intrusion detection. In the context of an object-oriented prototype implementation, we describe the abstract classes encapsulating generic functionality and the inter-relationships between the classes.
