An efficient method to intrusion detection

This paper presents a new method for intrusion detection based on analyzing the audit trails of users' activities in a local area network. The approach consists of detecting the presence of known attacks in servers' audit sessions. Each attack scenario is described by a column vector containing the different occurrences of the system events that represent the attack. The detection procedure consists of examining the manifestation of the attack scenarios in the system event trace. This method could be applied to attacks on servers. The main advantages of the presented method are that (1) it is easy to implement in any network that has an audit mechanism, (2) it is very fast and may be used in real time, and (3) it is robust.
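The vector representation described above can be sketched as follows. This is an added example, not code from the paper: the event vocabulary, scenario names, log format and the matching rule (a scenario is reported when a session's event counts reach every count in the scenario's vector) are all assumptions, since the abstract does not state the exact criterion.

```python
from collections import Counter, defaultdict

# Assumed event vocabulary; its order fixes the rows of every vector.
EVENTS = ["login_fail", "login_ok", "su_attempt", "passwd_read", "file_delete"]

# One column vector per attack scenario: occurrences of each event that
# represent the attack. Names and counts are constructed for illustration.
ATTACKS = {
    "password_guessing": [5, 0, 0, 0, 0],
    "privilege_probe":   [0, 1, 2, 1, 0],
}

# Constructed audit trail, one record per line: "timestamp session user event"
AUDIT_LOG = """\
1001 s1 alice login_ok
1002 s1 alice file_delete
1003 s2 bob login_fail
1004 s2 bob login_fail
1005 s2 bob login_fail
1006 s2 bob login_fail
1007 s2 bob login_fail
1008 s3 carol login_ok
1009 s3 carol su_attempt
1010 s3 carol su_attempt
1011 s3 carol passwd_read
1012 s4 dave login_fail
1013 s4 dave login_fail
1014 s4 dave login_ok
"""

def session_vectors(log_text):
    """Reduce the event trace to one occurrence vector per audit session."""
    counts = defaultdict(Counter)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in EVENTS:
            continue  # skip malformed records and events outside the vocabulary
        counts[parts[1]][parts[3]] += 1
    return {sid: [c[e] for e in EVENTS] for sid, c in counts.items()}

def detect(log_text, attacks=ATTACKS):
    """Return {session: [scenario, ...]} for sessions that manifest a scenario."""
    findings = {}
    for sid, observed in session_vectors(log_text).items():
        hits = sorted(name for name, needed in attacks.items()
                      if all(o >= n for o, n in zip(observed, needed)))
        if hits:
            findings[sid] = hits
    return findings
```

Because each session is reduced to a fixed-length count vector, the per-scenario check is a single pass over the event vocabulary, which is what makes this style of matching cheap enough for near-real-time use.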
