eXpert-BSM: A Host-based Intrusion Detection Solution for Sun Solaris
by Dr. Ulf Lindqvist & Phillip Porras.
From Proceedings of the 17th Annual Computer Security Applications Conference (ACSAC 2001). IEEE Computer Society, New Orleans, Louisiana. December 10-14, 2001. Pages 240-251.
Abstract
eXpert-BSM is a real-time forward-reasoning expert system that
analyzes Sun Solaris audit trails. Based on many years of intrusion
detection research, eXpert-BSM's knowledge base detects a wide range
of specific and general forms of misuse, provides detailed reports
and recommendations to the system operator, and has a low
false-alarm rate. Host-based intrusion detection offers the ability
to detect misuse and subversion through the direct monitoring of
processes inside the host, providing an important complement to
network-based surveillance. Suites of eXpert-BSMs may be deployed
throughout a network, and their alarms managed, correlated, and
acted on by remote or local subscribing security services, thus
helping to address issues of decentralized management. Inside the
host, eXpert-BSM is intended to operate as a true security daemon
for host systems, consuming few CPU cycles and very little memory
and secondary storage. eXpert-BSM has been available for download on
the Internet since April 2000, and has been successfully deployed in
several production environments.
BibTEX Entry
@inproceedings{unspecified,
AUTHOR = {Ulf Lindqvist and Phillip {A} Porras},
TITLE = {eXpert-BSM: {A} Host-based Intrusion Detection Solution for Sun Solaris},
YEAR = {2001},
PAGES = {240--251},
MONTH = {December 10-14},
ADDRESS = {New Orleans, Louisiana},
URL = {http://www.sdl.sri.com/papers/expertbsm-acsac01/},
BOOKTITLE = {Proceedings of the 17th Annual Computer Security Applications Conference (ACSAC 2001)},
PUBLISHER = {{IEEE} Computer Society}
}