Continuous assessment of a Unix configuration: integrating intrusion detection and configuration analysis

Abdelaziz Mounji, B. L. Charlier
DOI: 10.1109/NDSS.1997.579216
Published in: Proceedings of SNDSS '97: Internet Society 1997 Symposium on Network and Distributed System Security
Publication date: 1997-02-10
Citations: 30

Abstract

Computer security is a topic of growing concern because, on the one hand, the power of computers continues to increase at exponential speed and all computers are virtually connected to each other and because, on the other hand, the lack of reliability of software systems may cause dramatic and unrecoverable damage to computer systems and hence to the newly emerging computerized society. Among the possible approaches to improve the current situation, expert systems have been advocated to be an important one. Typical tasks that such expert systems attempt to achieve include finding system vulnerabilities and detecting malicious behaviour of users. We extend our intrusion detection system ASAX with a deductive subsystem that allows us to assess the security level of a software configuration on a real-time basis. By coupling the two subsystems (intrusion detection and configuration analysis), we moreover achieve a better tuning of the intrusion detection, since the system has only to enable intrusion detection rules that are specifically required by the current state of the configuration. We also report some preliminary performance measurements, which suggest that our approach can be practical in real-life contexts.
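The coupling the abstract describes (a deductive pass over the configuration decides which detection rules are worth enabling, and the detector then runs only those rules over the audit trail) can be sketched in a few dozen lines. The block below is an added illustration written for this page; it is not the ASAX implementation from the paper, and the host configuration, exposure names, rule names and audit records are all constructed for the example. The point it makes is the tuning argument from the abstract: when the configuration is hardened, rules whose precondition no longer holds are switched off, and the same audit trail produces no alerts.

```python
"""Configuration-driven enabling of intrusion detection rules.

Added example for this page, not the ASAX code from the paper.  The host
facts, exposure names, rules and audit records are constructed."""
import copy
import stat
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

# Constructed snapshot of a hypothetical Unix host's configuration.
SAMPLE_CONFIG: Dict = {
    "files": {
        "/etc/passwd":      {"mode": 0o666, "owner": "root"},
        "/etc/hosts.equiv": {"mode": 0o644, "owner": "root", "lines": ["+"]},
    },
    "services": {"rshd": True, "telnetd": False},
}

# Constructed audit trail; "seq" is only a record number for reporting.
SAMPLE_AUDIT: List[Dict] = [
    {"seq": 1, "event": "login", "uid": 1001, "via": "rlogin", "from": "10.0.0.9"},
    {"seq": 2, "event": "write", "uid": 1001, "path": "/etc/passwd"},
    {"seq": 3, "event": "login", "uid": 1001, "via": "telnet", "from": "10.0.0.9"},
    {"seq": 4, "event": "write", "uid": 0, "path": "/etc/passwd"},
]


def assess(config: Dict) -> Set[str]:
    """Deductive step: derive exposure facts from the configuration snapshot."""
    exposures: Set[str] = set()
    files, svc = config["files"], config["services"]
    equiv = files.get("/etc/hosts.equiv")
    # rshd is running and hosts.equiv trusts every host via the "+" wildcard.
    if svc.get("rshd") and equiv and "+" in equiv.get("lines", []):
        exposures.add("rhost_wildcard_trust")
    passwd = files.get("/etc/passwd")
    # Non-root users can rewrite the account database.
    if passwd and passwd["mode"] & stat.S_IWOTH:
        exposures.add("passwd_world_writable")
    if svc.get("telnetd"):
        exposures.add("telnetd_enabled")
    return exposures


@dataclass(frozen=True)
class Rule:
    name: str
    requires: str                   # exposure that makes this rule relevant
    match: Callable[[Dict], bool]   # predicate over a single audit record


RULES: List[Rule] = [
    Rule("rlogin_under_wildcard_trust", "rhost_wildcard_trust",
         lambda r: r["event"] == "login" and r.get("via") == "rlogin"),
    Rule("nonroot_write_to_passwd", "passwd_world_writable",
         lambda r: r["event"] == "write" and r["path"] == "/etc/passwd" and r["uid"] != 0),
    Rule("cleartext_telnet_login", "telnetd_enabled",
         lambda r: r["event"] == "login" and r.get("via") == "telnet"),
]


def enabled_rules(config: Dict) -> List[Rule]:
    """Keep only the rules whose precondition holds in the current configuration."""
    exposures = assess(config)
    return [r for r in RULES if r.requires in exposures]


def detect(records: List[Dict], rules: List[Rule]) -> List[Tuple[str, int]]:
    """Run the enabled rules over the audit trail; return (rule name, seq) alerts."""
    return [(r.name, rec["seq"]) for rec in records for r in rules if r.match(rec)]


def harden(config: Dict) -> Dict:
    """Constructed remediation: drop the wildcard trust and make passwd 0644."""
    fixed = copy.deepcopy(config)
    fixed["files"]["/etc/hosts.equiv"]["lines"] = []
    fixed["files"]["/etc/passwd"]["mode"] = 0o644
    return fixed


if __name__ == "__main__":
    before = enabled_rules(SAMPLE_CONFIG)
    print("enabled:", [r.name for r in before], "alerts:", detect(SAMPLE_AUDIT, before))
    after = enabled_rules(harden(SAMPLE_CONFIG))
    print("enabled:", [r.name for r in after], "alerts:", detect(SAMPLE_AUDIT, after))
```

Re-running `assess` whenever the configuration changes is what makes the assessment continuous; the telnet rule is never enabled here because `telnetd` is off, and after `harden` the remaining two rules are dropped as well, so records 1 and 2 stop producing alerts even though the audit trail is unchanged.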