• DocumentCode
    2359776
  • Title
    eXpert-BSM: a host-based intrusion detection solution for Sun Solaris
  • Author
    Lindqvist, Ulf ; Porras, Phillip A.
  • Author_Institution
    Syst. Design Lab., SRI Int., Menlo Park, CA, USA
  • fYear
    2001
  • fDate
    10-14 Dec. 2001
  • Firstpage
    240
  • Lastpage
    251
  • Abstract
    eXpert-BSM is a real-time forward-reasoning expert system that analyzes Sun Solaris audit trails. Based on many years of intrusion detection research, eXpert-BSM's knowledge base detects a wide range of specific and general forms of misuse, provides detailed reports and recommendations to the system operator, and has a low false-alarm rate. Host-based intrusion detection offers the ability to detect misuse and subversion through the direct monitoring of processes inside the host, providing an important complement to network-based surveillance. Suites of eXpert-BSMs may be deployed throughout a network, and their alarms managed, correlated, and acted on by remote or local subscribing security services, thus helping to address issues of decentralized management. Inside the host, eXpert-BSM is intended to operate as a true security daemon for host systems, consuming few CPU cycles and very little memory and secondary storage. eXpert-BSM has been available for download on the Internet since April 2000, and has been successfully deployed in several production environments.
  • Keywords
    computer network management; expert systems; network operating systems; security of data; system monitoring; Internet; Sun Solaris; audit trails; decentralized management; eXpert-BSM; host-based intrusion detection; knowledge base; misuse; real time forward-reasoning expert system; security daemon; security services; system operator; Data security; Electronic switching systems; Expert systems; Intrusion detection; Laboratories; Remote monitoring; Secure storage; Sun; Surveillance; Trademarks;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Applications Conference, 2001. ACSAC 2001. Proceedings 17th Annual
  • Print_ISBN
    0-7695-1405-7
  • Type
    conf
  • DOI
    10.1109/ACSAC.2001.991540
  • Filename
    991540