State Transition Analysis: A Rule-Based Intrusion Detection Approach
IEEE Transactions on Software Engineering
A Secure Group Membership Protocol
IEEE Transactions on Software Engineering
A Methodology for Testing Intrusion Detection Systems
IEEE Transactions on Software Engineering
A high-performance network intrusion detection system
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Abstraction-based intrusion detection in distributed environments
ACM Transactions on Information and System Security (TISSEC)
STATL: an attack language for state-based intrusion detection
Journal of Computer Security
LAMBDA: A Language to Model a Database for Detection of Attacks
RAID '00 Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection
Designing a Web of Highly-Configurable Intrusion Detection Sensors
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Multi-Phase Damage Confinement in Database Systems for Intrusion Tolerance
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Designing and implementing a family of intrusion detection systems
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
Clustering intrusion detection alarms to support root cause analysis
ACM Transactions on Information and System Security (TISSEC)
Mobility-based anomaly detection in cellular mobile networks
Proceedings of the 3rd ACM workshop on Wireless security
A Comprehensive Approach to Intrusion Detection Alert Correlation
IEEE Transactions on Dependable and Secure Computing
Intrusion detection using an ensemble of intelligent paradigms
Journal of Network and Computer Applications - Special issue on computational intelligence on the internet
Preventing race condition attacks on file-systems
Proceedings of the 2005 ACM symposium on Applied computing
Decentralized intrusion detection in wireless sensor networks
Proceedings of the 1st ACM international workshop on Quality of service & security in wireless and mobile networks
The design and implementation of a self-healing database system
Journal of Intelligent Information Systems - Special issue: Database and applications security
Real-time data attack isolation for commercial database applications
Journal of Network and Computer Applications
ANSS '06 Proceedings of the 39th annual Symposium on Simulation
A System Architecture for Computer Intrusion Detection
Information-Knowledge-Systems Management
Intrusion detection using a fuzzy genetics-based learning algorithm
Journal of Network and Computer Applications - Special issue: Network and information security: A computational intelligence approach
Building intrusion pattern miner for Snort network intrusion detection system
Journal of Systems and Software
A parallel genetic local search algorithm for intrusion detection in computer networks
Engineering Applications of Artificial Intelligence
International Journal of Information and Computer Security
A real-time intrusion prevention system for commercial enterprise databases and file systems
AIKED'05 Proceedings of the 4th WSEAS International Conference on Artificial Intelligence, Knowledge Engineering Data Bases
A real-time intrusion prevention system for commercial enterprise databases
SEPADS'05 Proceedings of the 4th WSEAS International Conference on Software Engineering, Parallel & Distributed Systems
A real-time intrusion prevention system for commercial enterprise databases and file systems
MMACTEE'08 Proceedings of the 10th WSEAS International Conference on Mathematical Methods and Computational Techniques in Electrical Engineering
Cooperative Intrusion Detection Model Based on State Transition Analysis
Computer Supported Cooperative Work in Design IV
State transition analysis to detect malicious program behavior
ICCOMP'08 Proceedings of the 12th WSEAS international conference on Computers
A Classifier Ensemble Approach to Intrusion Detection for Network-Initiated Attacks
Proceedings of the 2007 conference on Emerging Artificial Intelligence Applications in Computer Engineering: Real Word AI Systems with Applications in eHealth, HCI, Information Retrieval and Pervasive Technologies
Anomaly intrusion detection by clustering transactional audit streams in a host computer
Information Sciences: an International Journal
Lightweight anomaly intrusion detection in wireless sensor networks
PAISI'07 Proceedings of the 2007 Pacific Asia conference on Intelligence and security informatics
Damage assessment and repair in attack resilient distributed database systems
Computer Standards & Interfaces
Exploring discrepancies in findings obtained with the KDD Cup '99 data set
Intelligent Data Analysis
A neural network model for detection systems based on data mining and false errors
EUC'06 Proceedings of the 2006 international conference on Emerging Directions in Embedded and Ubiquitous Computing
ICDCIT'04 Proceedings of the First international conference on Distributed Computing and Internet Technology
HTTPHunting: an IBR approach to filtering dangerous HTTP Traffic
ICDM'06 Proceedings of the 6th Industrial Conference on Data Mining conference on Advances in Data Mining: applications in Medicine, Web Mining, Marketing, Image and Signal Mining
A fast host-based intrusion detection system using rough set theory
Transactions on Rough Sets IV
A dead-lock free self-healing algorithm for distributed transactional processes
ICISS'06 Proceedings of the Second international conference on Information Systems Security
| Hi-index | 0.00 |
This paper presents the design and implementationof a real-time intrusion detection tool, called Us-TAT', a State Transition Analysis Tool for UNIX. This is a UNIX-specific implementation of a generic designdeveloped by Phillip A. Porras and presented in [Porr92B] as STAT, State Transition Analysis TOOL State Transition Analysis is a new approach to representing computer penetrations. In STAT, a penetration is identified as a sequence of state changes that take the computer system from some initial state to a target compromised state.In this paper, the development of the first USTATprototype, which is for SunOS 4.1.1, is discussed. Us-TAT makes use of the audit trails that are collected bythe C2 Basic Security Module of Sun OS, and it keepstrack of only those critical actions that must occur forthe successful completion of the penetration. This approachdiffers from other rule-based penetration identificationtools that pattern match sequences of audit records.