DocumentCode :
2359776
Title :
eXpert-BSM: a host-based intrusion detection solution for Sun Solaris
Author :
Lindqvist, Ulf ; Porras, Phillip A.
Author_Institution :
Syst. Design Lab., SRI Int., Menlo Park, CA, USA
fYear :
2001
fDate :
10-14 Dec. 2001
Firstpage :
240
Lastpage :
251
Abstract :
eXpert-BSM is a real-time forward-reasoning expert system that analyzes Sun Solaris audit trails. Based on many years of intrusion detection research, eXpert-BSM's knowledge base detects a wide range of specific and general forms of misuse, provides detailed reports and recommendations to the system operator, and has a low false-alarm rate. Host-based intrusion detection offers the ability to detect misuse and subversion through the direct monitoring of processes inside the host, providing an important complement to network-based surveillance. Suites of eXpert-BSMs may be deployed throughout a network, and their alarms managed, correlated, and acted on by remote or local subscribing security services, thus helping to address issues of decentralized management. Inside the host, eXpert-BSM is intended to operate as a true security daemon for host systems, consuming few CPU cycles and very little memory and secondary storage. eXpert-BSM has been available for download on the Internet since April 2000, and has been successfully deployed in several production environments.
Keywords :
computer network management; expert systems; network operating systems; security of data; system monitoring; Internet; Sun Solaris; audit trails; decentralized management; eXpert-BSM; host-based intrusion detection; knowledge base; misuse; real time forward-reasoning expert system; security daemon; security services; system operator; Data security; Electronic switching systems; Expert systems; Intrusion detection; Laboratories; Remote monitoring; Secure storage; Sun; Surveillance; Trademarks;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computer Security Applications Conference, 2001. ACSAC 2001. Proceedings 17th Annual
Print_ISBN :
0-7695-1405-7
Type :
conf
DOI :
10.1109/ACSAC.2001.991540
Filename :
991540