NetSTAT: a network-based intrusion detection approach

Author

Vigna, Giovanni ; Kemmerer, Richard A.

Author_Institution

Dept. of Comput. Sci., California Univ., Santa Barbara, CA, USA

fYear

1998

fDate

7-11 Dec 1998

Firstpage

25

Lastpage

34

Abstract

Network-based attacks have become common and sophisticated. For this reason, intrusion detection systems are now shifting their focus from the hosts and their operating systems to the network itself. Network-based intrusion detection is challenging because network auditing produces large amounts of data, and different events related to a single intrusion may be visible in different places on the network. This paper presents NetSTAT, a new approach to network intrusion detection. By using a formal model of both the network and the attacks, NetSTAT is able to determine which network events have to be monitored and where they can be monitored

Keywords

auditing; computer network management; computerised monitoring; security of data; NetSTAT; attacks; formal model; network auditing; network event monitoring; network-based attacks; network-based intrusion detection approach; Computer network reliability; Computer networks; Computer science; IP networks; Intrusion detection; Monitoring; Operating systems; Programmable logic arrays; Protection; Read only memory;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Applications Conference, 1998. Proceedings. 14th Annual

Conference_Location

Phoenix, AZ

ISSN

1063-9527

Print_ISBN

0-8186-8789-4

Type

conf

DOI

10.1109/CSAC.1998.738566

Filename

738566