eXpert-BSM: A Host-Based Intrusion Detection Solution for Sun Solaris

  • Authors: U. Lindqvist; P. Porras
  • Venue: ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
  • Year: 2001

Abstract

eXpert-BSM is a real-time forward-reasoning expert system that analyzes Sun Solaris audit trails (BSM, the Basic Security Module). Based on many years of intrusion detection research, eXpert-BSM's knowledge base detects a wide range of specific and general forms of misuse, provides detailed reports and recommendations to the system operator, and has a low false-alarm rate. Host-based intrusion detection offers the ability to detect misuse and subversion through the direct monitoring of processes inside the host, providing an important complement to network-based surveillance. Suites of eXpert-BSMs may be deployed throughout a network, and their alarms managed, correlated, and acted on by remote or local subscribing security services, thus helping to address issues of decentralized management. Inside the host, eXpert-BSM is intended to operate as a true security daemon for host systems, consuming few CPU cycles and very little memory and secondary storage. eXpert-BSM has been available for download on the Internet since April 2000, and has been successfully deployed in several production environments.
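The abstract says the knowledge base reasons forward over audit records but gives no rule detail. The following is an added illustration written for this page, not eXpert-BSM's code and not its knowledge base: a toy forward-chaining engine run over a constructed, BSM-like audit trail. The record fields, the event names, the threshold, the three rules and the recommendation text are all hypothetical; what it shows is the forward-reasoning shape, where each pass over the rules may derive facts that enable rules in the next pass, until nothing new fires.

```python
"""Toy forward-chaining analyzer over a constructed, BSM-like audit trail.

Added illustration for this page; not eXpert-BSM code and not its rule base.
Record fields, event names, threshold and rules are all hypothetical.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class AuditRecord:
    seq: int        # position in the trail (audit records are ordered)
    event: str      # hypothetical event names: "su", "execve", "chmod_setuid"
    auid: int       # audit (login) uid: survives setuid, so it names the human
    euid: int       # effective uid at the time of the event
    path: str
    success: bool   # did the audited call succeed?


# Constructed sample trail: user 1001 fails su three times, then succeeds and
# marks /tmp/sh setuid. User 1002 just lists a directory.
CONSTRUCTED_TRAIL = [
    AuditRecord(1, "su", 1001, 1001, "/usr/bin/su", False),
    AuditRecord(2, "su", 1001, 1001, "/usr/bin/su", False),
    AuditRecord(3, "su", 1001, 1001, "/usr/bin/su", False),
    AuditRecord(4, "su", 1001, 0, "/usr/bin/su", True),
    AuditRecord(5, "chmod_setuid", 1001, 0, "/tmp/sh", True),
    AuditRecord(6, "execve", 1002, 1002, "/usr/bin/ls", True),
]

FAILED_SU_THRESHOLD = 3   # hypothetical tuning knob

# Each rule maps (derived facts so far, base records) -> new derived facts.
# Facts are tuples whose first element is the fact kind.

def rule_su_bruteforce(facts, trail):
    """>= threshold failed su attempts by one auid -> ('su_bruteforce', auid)."""
    fails = defaultdict(int)
    for r in trail:
        if r.event == "su" and not r.success:
            fails[r.auid] += 1
    return {("su_bruteforce", auid) for auid, n in fails.items()
            if n >= FAILED_SU_THRESHOLD}


def rule_root_after_bruteforce(facts, trail):
    """Chains on su_bruteforce: the same auid later runs with euid 0."""
    return {("suspicious_root", r.auid, r.seq) for r in trail
            if r.success and r.euid == 0 and r.auid != 0
            and ("su_bruteforce", r.auid) in facts}


def rule_setuid_backdoor(facts, trail):
    """Chains on suspicious_root: that auid afterwards makes a file setuid."""
    return {("setuid_backdoor", r.auid, r.path) for r in trail
            if r.event == "chmod_setuid" and r.success
            and any(f[0] == "suspicious_root" and f[1] == r.auid and f[2] < r.seq
                    for f in facts)}


RULES = [rule_su_bruteforce, rule_root_after_bruteforce, rule_setuid_backdoor]
ALERT_KINDS = {"su_bruteforce", "setuid_backdoor"}   # intermediate facts stay internal

RECOMMENDATIONS = {   # hypothetical operator guidance attached to each alert kind
    "su_bruteforce": "Check the login source for this auid; consider locking the account.",
    "setuid_backdoor": "Remove the setuid bit, preserve the file for forensics, "
                       "and review everything the auid did while euid was 0.",
}


def forward_chain(trail, rules=RULES):
    """Run rules to a fixpoint: each pass may enable rules that need earlier conclusions."""
    facts = set()
    while True:
        new = set()
        for rule in rules:
            new |= rule(facts, trail) - facts
        if not new:
            return facts
        facts |= new


def analyze(trail):
    """Return the alert-kind facts (sorted for determinism) from a full run."""
    return sorted(f for f in forward_chain(trail) if f[0] in ALERT_KINDS)


def report(alerts):
    """One operator-facing line per alert, with its recommendation."""
    return [f"{kind}: {' '.join(str(x) for x in rest)} -> {RECOMMENDATIONS[kind]}"
            for kind, *rest in alerts]


if __name__ == "__main__":
    for line in report(analyze(CONSTRUCTED_TRAIL)):
        print(line)
```

On the constructed trail the engine needs three passes: the first derives the brute-force fact, the second uses it to flag the later euid-0 event, and the third uses that to flag the setuid change; removing any link (for example one of the failed su records) breaks the chain, which is how a rule base of this shape keeps the alarm count down rather than alerting on every failed su.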