Automatic high-performance reconstruction and recovery
Computer Networks: The International Journal of Computer and Telecommunications Networking
This thesis presents the design and implementation of a real-time intrusion detection tool, referred to as Ustat, the State Transition Analysis Tool for UNIX. The original design was first developed by Phillip A. Porras and presented in [Porr91] as STAT, the State Transition Analysis Tool. STAT is a new model for representing computer penetrations, and that work applied the model to the development of a real-time intrusion detection tool. In STAT, a penetration is identified as a sequence of state changes that lead the computer system from some initial state to a target compromised state. The author of this document has developed the first prototype, Ustat, for UNIX, in particular for SunOS 4.1.1. Ustat makes use of the audit trails collected by the C2 Basic Security Module of SunOS, and it keeps track of only those critical actions that must occur for the successful completion of the penetration. This approach differs from that of other rule-based penetration identification tools, which pattern match sequences of audit records.
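The contrast drawn in the last sentence can be shown with a small sketch. This is an added example, not code from Ustat or the thesis: the record fields, event names, event-to-action mapping and the scenario are all constructed assumptions. It tracks per-file state and checks a target-state assertion, next to a naive matcher that looks for a fixed run of audit event names.

```python
# Added illustration; record fields, event names and the scenario are constructed.
# Many raw audit events collapse to one state-changing action (assumed mapping).
ACTION_OF = {"creat": "write", "write": "write",
             "chmod": "set_mode", "fchmod": "set_mode", "execve": "exec"}

def state_detect(records):
    """Track per-file state; alert when the target (compromised) state is reached."""
    files, alerts = {}, []
    for r in records:
        action = ACTION_OF.get(r["event"])
        if action is None:
            continue                      # not a critical action: ignored
        f = files.setdefault(r["path"], {"writer": None, "owner": r["owner"], "setuid": False})
        f["owner"] = r["owner"]
        if action == "write":
            f["writer"] = r["user"]       # whose content the file now holds
        elif action == "set_mode":
            f["setuid"] = r["setuid"]
        elif action == "exec":
            # Target-state assertion: a non-root user runs a root-owned setuid
            # file whose content was last written by a non-root user.
            if (f["setuid"] and f["owner"] == "root" and r["user"] != "root"
                    and f["writer"] not in (None, "root")):
                alerts.append((r["user"], r["path"]))
    return alerts

def sequence_detect(records, pattern=("write", "chmod", "execve")):
    """Naive baseline: the raw event names must appear back to back."""
    names = [r["event"] for r in records]
    n = len(pattern)
    return any(tuple(names[i:i + n]) == pattern for i in range(len(names) - n + 1))

def rec(user, event, path, owner="root", setuid=False):
    return {"user": user, "event": event, "path": path, "owner": owner, "setuid": setuid}

P = "/constructed/tool"  # placeholder path
DIRECT = [rec("u1", "write", P), rec("root", "chmod", P, setuid=True), rec("u1", "execve", P)]
# Same state changes via different events, interleaved with unrelated records.
VARIANT = [rec("u1", "creat", P), rec("u2", "stat", "/tmp/x"),
           rec("root", "fchmod", P, setuid=True), rec("u2", "read", "/tmp/x"),
           rec("u1", "execve", P)]
# Same event names as DIRECT, but root wrote the file: no compromised state.
BENIGN = [rec("root", "write", P), rec("root", "chmod", P, setuid=True), rec("u1", "execve", P)]
```

The state tracker flags DIRECT and VARIANT and stays quiet on BENIGN, while the sequence matcher misses VARIANT and fires on BENIGN.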