We describe the use of a domain-specific language (DSL) for expressing critical design values and constraints in an intrusion detection application. Through the use of this specialised language, information that is critical to the correct operation of the software can be expressed in a form that can be easily drafted, verified, and maintained by domain experts (security officers), thus minimising the risk inherent in the mediation of software engineers. Our application, Panoptis, is a DSL-based, low-cost, easy-to-use intrusion detection system that uses the process accounting records kept by most Unix systems. A set of database tables contains resource usage profiles for processes, terminals, users, and time intervals. Panoptis checks new process data against the recorded profiles and reports on entities that diverge from the established resource usage envelopes, implying possible data security threats. We demonstrate the operation of Panoptis through a case study of a real attack and subsequent system compromise that occurred on a system under our administrative control.