Title :
State transition analysis: a rule-based intrusion detection approach
Author :
Ilgun, Koral ; Kemmerer, Richard A. ; Porras, Phillip A.
Author_Institution :
Adv. Comput. Commun., Santa Barbara, CA, USA
Date :
3/1/1995
Abstract :
The paper presents a new approach to representing and detecting computer penetrations in real time. The approach, called state transition analysis, models penetrations as a series of state changes that lead from an initial secure state to a target compromised state. State transition diagrams, the graphical representation of penetrations, identify precisely the requirements for and the compromise of a penetration and present only the critical events that must occur for the successful completion of the penetration. State transition diagrams are written to correspond to the states of an actual computer system, and these diagrams form the basis of a rule-based expert system for detecting penetrations, called the state transition analysis tool (STAT). The design and implementation of a Unix-specific prototype of this expert system, called USTAT, is also presented. This prototype provides a further illustration of the overall design and functionality of this intrusion detection approach. Lastly, STAT is compared to the functionality of comparable intrusion detection tools.
Keywords :
access control; authorisation; expert systems; real-time systems; safety systems; security of data; STAT; USTAT; Unix specific prototype; computer penetrations; critical events; graphical representation; intrusion detection tools; rule based expert system; rule-based intrusion detection approach; state changes; state transition analysis; state transition diagrams; Computer science; Computer security; Data analysis; Data security; Expert systems; Information analysis; Intrusion detection; Prototypes; Research and development; Software;
Journal_Title :
Software Engineering, IEEE Transactions on