Intrusion and anomaly detection in trusted systems
A real-time network and host security monitor that allows both interactive and automatic audit trail analysis is described. Audit records, i.e. tokens of actual user behavior, are examined in the context of user profiles, i.e. measures of expected behavior. This system combines a set of statistical tools for both interactive and automatic analysis of audit data, an expert system that works in conjunction with the statistical tools, and a hierarchical set of audit indicators which are based on an indications and warning model. The application of the model makes it possible both to collect audit events at a fine level of granularity and to effectively direct intrusion anomaly detection by defining levels of concern. A set of discrete tools, capabilities, and components is implemented in a hybrid design utilizing control concepts from operating systems theory and problem-solving concepts from blackboard artificial-intelligence systems.