Abstraction-based misuse detection: high-level specifications and adaptable strategies

Authors: Jia-Ling Lin, X.S. Wang, S. Jajodia

DOI: 10.1109/CSFW.1998.683169

Keywords:

Abstract: A typical misuse detection system contains: (1) a language for describing known techniques (called signatures) used by attackers to penetrate the target system, and (2) monitoring programs for detecting the presence of an attack based on the given signatures. In most systems appearing in the literature, however, the description of misuses is often in low-level terms (i.e., audit records of the system), which either has limited expressiveness or is difficult to use. Moreover, the algorithms are fixed and do not adapt to a changing operating environment or the objectives of the site security officer. To overcome these limitations, the paper defines high-level abstract signatures (MuSigs). Due to the use of high-level concepts, a MuSig can represent misuses in a simple form yet with high expressiveness. The paper also introduces a set of directives, provided by the system designer, to support these concepts. It then discusses ways to translate MuSigs into a monitoring program with the help of the directives. Adaptability is obtained through the ability of the site security officer to add and delete directives and so change the behavior of the monitoring program.

References (19)
Debra Anderson, Thane Frivold, Alfonso Valdes. Next-generation Intrusion Detection Expert System (NIDES): A Summary. (1997)
Sandeep Kumar. Classification and detection of computer intrusions. Purdue University. (1996)
Phil Porras. STAT -- A State Transition Analysis Tool For Intrusion Detection. University of California at Santa Barbara. (1993)
Jennifer Widom, Umeshwar Dayal, Eric Hanson. Active database systems. Modern database systems, pp. 434-456. (1995)
André Vellino, Michael A. Covington, Donald Nute. Prolog Programming in Depth. (1988)
Teresa F. Lunt. A survey of intrusion detection techniques. Computers & Security, vol. 12, pp. 405-418. (1993). DOI: 10.1016/0167-4048(93)90029-5
Sandeep Kumar, Eugene H. Spafford. An Application of Pattern Matching in Intrusion Detection. (1994)
Eugene H. Spafford, Sandeep Kumar. A Pattern Matching Model for Misuse Intrusion Detection. (1994)
K. Ilgun, R.A. Kemmerer, P.A. Porras. State transition analysis: a rule-based intrusion detection approach. IEEE Transactions on Software Engineering, vol. 21, pp. 181-199. (1995). DOI: 10.1109/32.372146