eXpert-BSM: A Host-Based Intrusion Detection Solution for Sun Solaris
نویسندگان
چکیده
eXpert-BSM is a real time forward-reasoning expert system that analyzes Sun Solaris audit trails. Based on many years of intrusion detection research, eXpert-BSM’s knowledge base detects a wide range of specific and general forms of misuse, provides detailed reports and recommendations to the system operator, and has a low false-alarm rate. Host-based intrusion detection offers the ability to detect misuse and subversion through the direct monitoring of processes inside the host, providing an important complement to network-based surveillance. Suites of eXpert-BSMs may be deployed throughout a network, and their alarms managed, correlated, and acted on by remote or local subscribing security services, thus helping to address issues of decentralized management. Inside the host, eXpert-BSM is intended to operate as a true security daemon for host systems, consuming few CPU cycles and very little memory and secondary storage. eXpert-BSM has been available for download on the Internet since April 2000, and has been successfully deployed in several production environments.
منابع مشابه
Experiments on Adaptive Techniques for Host-Based Intrusion Detection
This research explores four experiments of adaptive host-based intrusion detection (ID) techniques in an attempt to develop systems that can detect novel exploits. The technique considered to have the most potential is adaptive critic designs (ACDs) because of their utilization of reinforcement learning, which allows learning exploits that are difficult to pinpoint in sensor data. Preliminary r...
متن کاملSTATL: An Attack Language for State-Based Intrusion Detection
STATL is an extensible state/transition-based attack description language designed to support intrusion detection. The language allows one to describe computer penetrations as sequences of actions that an attacker performs to compromise a computer system. A STATL description of an attack scenario can be used by an intrusion detection system to analyze a stream of events and detect possible ongo...
متن کاملBSM Security Auditing for Solaris Servers
Although Solaris servers might be inside the firewall and relatively secure, there are still chances for a hacker to break in, or chances for an ordinary user to attempt malicious activities. Therefore, security efforts have to be made to detect intruders and to prevent unauthorized actions. One of the security utilities for Solaris servers is called BSM (Basic Security Module), which is an aud...
متن کاملA Study in the Feasibility of Performing Host-Based Anomaly Detection on Windows NT
Windows NT has become the dominant desktop platform. To date, host-based intrusion detection research has focused on Unixavored platforms. As a result, we have a large gap between the platform people use in practice and the platforms on which intrusion detection research is active. In this paper, we examine the feasibility of applying host-based intrusion detection to the Windows NT platform. S...
متن کاملAn Approach to UNIX Security Logging
Off-line intrusion detection systems rely on logged data. However, the logging mechanism may be complicated and time-consuming and the amount of logged data tends to be very large. To counter these problems we suggest a very simple and cheap logging method, light-weight logging. It can be easily implemented on a Unix system, particularly on the Solaris operating system from Sun. It is based on ...
متن کامل