IEEE Transactions on Software Engineering - Special issue on computer security and privacy
The open book: a practical perspective on OSI
The open book: a practical perspective on OSI
Classification and detection of computer intrusions
Classification and detection of computer intrusions
ASAX: Software Architecture and Rule-Based Language for Universal Audit Trail Analysis
ESORICS '92 Proceedings of the Second European Symposium on Research in Computer Security
Distributed audit trail analysis
SNDSS '95 Proceedings of the 1995 Symposium on Network and Distributed System Security (SNDSS'95)
NetKuang: a multi-host configuration vulnerability checker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
LAMBDA: A Language to Model a Database for Detection of Attacks
RAID '00 Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection
A Framework Focus on Configuration Modeling and Integration with Transparent Persistence
IPDPS '05 Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Workshop 18 - Volume 19
Using contextual security policies for threat response
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Hi-index | 0.00 |
Computer security is a topic of growing concern because, on the one hand, the power of computers continues to increase at exponential speed and all computers are virtually connected to each other and because, on the other hand, the lack of reliability of software systems may cause dramatic and unrecoverable damage to computer systems and hence to the newly emerging computerized society. Among the possible approaches to improve the current situation, expert systems have been advocated to be an important one. Typical tasks that such expert systems attempt to achieve include finding system vulnerabilities and detecting malicious behaviors of users.In this paper, we extend our intrusion detection system ASAX with a deductive subsystem that allows us to assess the security level of a software configuration on a real time basis. By coupling the two subsystems --- intrusion detection and configuration analysis --- we moreover achieve a better tuning of the intrusion detection since the system has only to enable intrusion detection rules that are specifically required by the current state of the configuration. We also report some preliminary performance measurements, which suggest that our approach can be practical in real life contexts.