Application-Integrated Data Collection for Security Monitoring
by Dr. Ulf Lindqvist & Magnus Almgren.
In Recent Advances in Intrusion Detection (RAID 2001), LNCS. Springer, Davis, California. October 2001. Pages 22-36.
Abstract
This paper describes a new approach to collecting real-time
transaction information from a server application and forwarding the
data to an intrusion detection system. While the few existing
application-based intrusion detection systems tend to read log
files, the proposed application-integrated approach uses a module
coupled with the application to extract the desired information.
The paper describes the advantages of this approach in general, and
how it complements traditional network-based and host-based data
collection methods. The most compelling benefit is the ability to
monitor transactions that are encrypted when transported to the
application and therefore not visible to network traffic monitors.
Further benefits include full insight into how the application
interprets the transaction, and data collection that is independent
of network line speed. To evaluate the proposed approach, we
designed and implemented a data-collection module for the Apache Web
server. Our experiments showed that the required implementation
effort was moderate, that existing communication and analysis
components could be used without incurring adaptation costs, and
that the performance impact on the Web server is tolerable.
BibTeX Entry
@inproceedings{Almgren:2001:AIDCFSM,
AUTHOR = {Magnus Almgren and Ulf Lindqvist},
TITLE = {Application-Integrated Data Collection for Security Monitoring},
BOOKTITLE = {Recent Advances in Intrusion Detection (RAID 2001)},
YEAR = {2001},
SERIES = {{LNCS}},
PAGES = {22-36},
ADDRESS = {Davis, California},
MONTH = {October},
PUBLISHER = {Springer},
URL = {http://www.sdl.sri.com/papers/raid2001/}
}