DocumentCode
1823653
Title
USTAT: a real-time intrusion detection system for UNIX
Author
Ilgun, Koral
Author_Institution
Dept. of Comput. Sci., California Univ., Santa Barbara, CA, USA
fYear
1993
fDate
24-26 May 1993
Firstpage
16
Lastpage
28
Abstract
The author presents the design and implementation of a real-time intrusion detection tool, called USTAT, a state transition analysis tool for UNIX. This is a UNIX-specific implementation of a generic design developed by A. Porras and R.A. Kemmerer (1992) as STAT, a state transition analysis tool. State transition analysis is a new approach to representing computer penetrations. In STAT, a penetration is identified as a sequence of state changes that take the computer system from some initial state to a target compromised state. The development of the first USTAT prototype, which is for SunOS 4.1.1, is discussed. USTAT makes use of the audit trails that are collected by the C2 basic security module of SunOS, and it keeps track of only those critical actions that must occur for the successful completion of the penetration. This approach differs from other rule-based penetration identification tools that pattern match sequences of audit records.
Keywords
Unix; auditing; real-time systems; security of data; utility programs; C2 basic security module; STAT; SunOS 4.1.1; UNIX; USTAT; audit records; audit trails; computer penetrations; critical actions; pattern match sequences; real-time intrusion detection system; rule-based penetration identification tools; state transition analysis tool; Computer science; Data analysis; Data security; Expert systems; Intrusion detection; Pattern matching; Prototypes; Real time systems; Software tools; Target tracking;
fLanguage
English
Publisher
ieee
Conference_Titel
Research in Security and Privacy, 1993. Proceedings., 1993 IEEE Computer Society Symposium on
Conference_Location
Oakland, CA
Print_ISBN
0-8186-3370-0
Type
conf
DOI
10.1109/RISP.1993.287646
Filename
287646