Detecting computer and network misuse through the production-based expert system toolset (P-BEST)

Authors: U. Lindqvist, P.A. Porras

DOI: 10.1109/SECPRI.1999.766911

Keywords:

Abstract: The paper describes an expert system development toolset called the Production-Based Expert System Toolset (P-BEST) and how it is employed in the development of a modern generic signature analysis engine for computer and network misuse detection. For more than a decade, earlier versions of P-BEST have been used in intrusion detection research and in the development of some of the most well known intrusion detection systems, but this is the first time the principles and language of P-BEST are described to a wide audience. We present rule sets for detecting subversion methods against which there are few defenses (specifically, SYN flooding and buffer overruns) and provide performance measurements. Together, these examples and measurements indicate that production-based expert systems are well suited for real-time misuse detection in contemporary computing environments. In addition, P-BEST's simplicity and its close integration with the C programming language make it easy to use while still being very powerful and flexible.

References (15)
Debra Anderson, Thane Frivold, Alfonso Valdes, Next-generation Intrusion Detection Expert System (NIDES): A Summary, (1997)
Sandeep Kumar, Classification and detection of computer intrusions, Purdue University, (1996)
C.A. Stallings, K.A. Jackson, D.H. Dubois, An expert system application for network intrusion detection, (1991)
Naji Habra, Baudouin Le Charlier, Abdelaziz Mounji, Isabelle Mathieu, ASAX: Software Architecture and Rule-Based Language for Universal Audit Trail Analysis, European Symposium on Research in Computer Security, pp. 435-450, (1992), 10.1007/BFB0013912
D. Bruschi, E. Rosti, R. Banfi, A Tool for Pro-active Defense Against the Buffer Overrun Attack, European Symposium on Research in Computer Security, vol. 1485, pp. 17-31, (1998), 10.1007/BFB0055853
T.F. Lunt, R. Jagannathan, R. Lee, A. Whitehurst, S. Listgarten, Knowledge-based intrusion detection, [1989] Proceedings. The Annual AI Systems in Government Conference, pp. 102-107, (1989), 10.1109/AISIG.1989.47311
K. Ilgun, R.A. Kemmerer, P.A. Porras, State transition analysis: a rule-based intrusion detection approach, IEEE Transactions on Software Engineering, vol. 21, pp. 181-199, (1995), 10.1109/32.372146
H.S. Vaccaro, G.E. Liepins, Detection of anomalous computer session activity, IEEE Symposium on Security and Privacy, pp. 280-289, (1989), 10.1109/SECPRI.1989.36302
P.A. Porras, R.A. Kemmerer, Penetration state transition analysis: A rule-based intrusion detection approach, Annual Computer Security Applications Conference, pp. 220-229, (1992), 10.1109/CSAC.1992.228217
H. Debar, M. Becker, D. Siboni, A neural network component for an intrusion detection system, IEEE Symposium on Security and Privacy, pp. 240-250, (1992), 10.1109/RISP.1992.213257