Title :
USTAT: a real-time intrusion detection system for UNIX
Author_Institution :
Dept. of Comput. Sci., California Univ., Santa Barbara, CA, USA
Abstract :
The author presents the design and implementation of a real-time intrusion detection tool, called USTAT, a state transition analysis tool for UNIX. This is a UNIX-specific implementation of a generic design developed by A. Porras and R.A. Kemmerer (1992) as STAT, a state transition analysis tool. State transition analysis is a new approach to representing computer penetrations. In STAT, a penetration is identified as a sequence of state changes that take the computer system from some initial state to a target compromised state. The development of the first USTAT prototype, which targets SunOS 4.1.1, is discussed. USTAT makes use of the audit trails collected by the C2 basic security module of SunOS, and it keeps track of only those critical actions that must occur for the successful completion of the penetration. This approach differs from other rule-based penetration identification tools, which pattern match sequences of audit records.
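Added illustration (not code from the paper, and not USTAT's rule language or the BSM record format): a toy state transition analysis engine in the spirit of STAT. A scenario is a chain of signature actions, each followed by a state assertion that must keep holding; audit records that are not signature actions are ignored rather than breaking the match, and an instance is dropped when its state assertion stops holding. The scenario, file model and audit trail below are constructed for the example: a user hard-links another user's setuid script under a name beginning with "-" and then executes the link.

```python
"""Toy state transition analysis engine in the spirit of STAT/USTAT.

Constructed illustration; the audit records, scenario and system model are
assumptions of this example, not the paper's design or SunOS BSM data.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

Bindings = Dict[str, str]


@dataclass
class AuditRecord:
    seq: int                      # position in the audit trail
    event: str                    # audited action, e.g. "link", "exec", "unlink"
    subject: str                  # acting user
    args: Dict[str, str] = field(default_factory=dict)


@dataclass
class FileInfo:
    owner: str
    setuid: bool = False


class SystemModel:
    """The slice of system state that the scenario's assertions refer to."""

    def __init__(self, files: Dict[str, FileInfo]):
        self.files = dict(files)
        self.links: Dict[str, str] = {}   # link path -> target path

    def apply(self, rec: AuditRecord) -> None:
        # Keep the model current so state assertions can be re-checked later.
        if rec.event == "link":
            self.links[rec.args["new"]] = rec.args["target"]
        elif rec.event == "unlink":
            self.links.pop(rec.args["path"], None)
        elif rec.event == "chmod" and rec.args.get("setuid") == "off":
            self.files[rec.args["path"]].setuid = False


@dataclass
class Transition:
    signature: str                                              # event that may advance an instance
    guard: Callable[[AuditRecord, SystemModel, Bindings], Optional[Bindings]]
    assertion: Callable[[SystemModel, Bindings], bool]          # must keep holding in the new state


def link_guard(rec, model, b):
    # Constructed scenario: link to a setuid file owned by someone else, under a "-" name.
    tgt = model.files.get(rec.args["target"])
    new = rec.args["new"]
    if tgt and tgt.setuid and tgt.owner != rec.subject and new.rsplit("/", 1)[-1].startswith("-"):
        return {"attacker": rec.subject, "target": rec.args["target"], "link": new}
    return None


def link_assertion(model, b):
    # State after the link: the link still exists and the target is still setuid and foreign-owned.
    tgt = model.files[b["target"]]
    return model.links.get(b["link"]) == b["target"] and tgt.setuid and tgt.owner != b["attacker"]


def exec_guard(rec, model, b):
    # Same user executes the link created earlier: compromised state.
    return b if rec.subject == b["attacker"] and rec.args["path"] == b["link"] else None


SETUID_LINK_SCENARIO = [
    Transition("link", link_guard, link_assertion),
    Transition("exec", exec_guard, lambda m, b: True),
]


def analyze(records: List[AuditRecord], model: SystemModel, scenario: List[Transition]) -> List[dict]:
    """Run the scenario over the audit trail; return one report per completed instance."""
    instances: List[tuple] = []        # (index of next transition, variable bindings)
    reports: List[dict] = []
    for rec in records:
        model.apply(rec)
        # Drop instances whose current-state assertion no longer holds (e.g. link removed).
        instances = [(i, b) for i, b in instances if scenario[i - 1].assertion(model, b)]
        # Try to start a new instance and to advance existing ones; other records are ignored.
        advanced = []
        for i, b in [(0, {})] + instances:
            t = scenario[i]
            if rec.event == t.signature:
                nb = t.guard(rec, model, b)
                if nb is not None and t.assertion(model, nb):
                    advanced.append((i + 1, nb))
        for i, b in advanced:
            if i == len(scenario):
                reports.append({"seq": rec.seq, **b})
            else:
                instances.append((i, b))
    return reports


FILES = {"/home/bob/admin.sh": FileInfo(owner="bob", setuid=True)}   # constructed


def detected() -> List[dict]:
    # Constructed trail: signature actions separated by unrelated records.
    trail = [
        AuditRecord(1, "open", "alice", {"path": "/etc/motd"}),
        AuditRecord(2, "link", "alice", {"target": "/home/bob/admin.sh", "new": "/tmp/-i"}),
        AuditRecord(3, "open", "alice", {"path": "/tmp/scratch"}),
        AuditRecord(4, "exec", "carol", {"path": "/bin/ls"}),
        AuditRecord(5, "exec", "alice", {"path": "/tmp/-i"}),
    ]
    return analyze(trail, SystemModel(FILES), SETUID_LINK_SCENARIO)


def link_removed() -> List[dict]:
    # Constructed trail: the link is removed before the exec, so the state assertion fails.
    trail = [
        AuditRecord(1, "link", "alice", {"target": "/home/bob/admin.sh", "new": "/tmp/-i"}),
        AuditRecord(2, "unlink", "alice", {"path": "/tmp/-i"}),
        AuditRecord(3, "exec", "alice", {"path": "/tmp/-i"}),
    ]
    return analyze(trail, SystemModel(FILES), SETUID_LINK_SCENARIO)


if __name__ == "__main__":
    print(detected())        # one report at seq 5 bound to alice
    print(link_removed())    # []
```

The point of the engine is the contrast drawn in the abstract: a matcher over contiguous audit-record sequences would have to enumerate every interleaving of the unrelated records at seq 1, 3 and 4, whereas the state-based engine only cares that the two signature actions occur while the intermediate state assertion still holds.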
Keywords :
Unix; auditing; real-time systems; security of data; utility programs; C2 basic security module; STAT; SunOS 4.1.1; UNIX; USTAT; audit records; audit trails; computer penetrations; critical actions; pattern match sequences; real-time intrusion detection system; rule-based penetration identification tools; state transition analysis tool; Computer science; Data analysis; Data security; Expert systems; Intrusion detection; Pattern matching; Prototypes; Real time systems; Software tools; Target tracking;
Conference_Titel :
Research in Security and Privacy, 1993. Proceedings., 1993 IEEE Computer Society Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-3370-0
DOI :
10.1109/RISP.1993.287646