DocumentCode :
2822725
Title :
A network audit system for host-based intrusion detection (NASHID) in Linux
Author :
Daniels, Thomas E. ; Spafford, Eugene H.
Author_Institution :
CERIAS, Purdue Univ., West Lafayette, IN, USA
fYear :
2000
fDate :
36861
Firstpage :
178
Lastpage :
187
Abstract :
Recent work has shown that conventional operating system audit trails are insufficient to detect low-level network attacks. Because audit trails are typically based upon system calls or application sources, operations in the network protocol stack go unaudited. Earlier work has determined the audit data needed to detect low-level network attacks. We describe an implementation of an audit system which collects this data and analyze the issues that guided the implementation. Finally, we report the performance impact on the system and the rate of audit data accumulation in a test network
Keywords :
Unix; auditing; computer network management; network operating systems; security of data; Linux; NASHID; application sources; audit data; audit data accumulation; host-based intrusion detection; low-level network attacks; network audit system; network protocol stack; operating system audit trails; system calls; Data analysis; Intelligent networks; Intrusion detection; Linux; Monitoring; Operating systems; Packaging; Protocols; TCPIP; Writing;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Security Applications, 2000. ACSAC '00. 16th Annual Conference
Conference_Location :
New Orleans, LA
Print_ISBN :
0-7695-0859-6
Type :
conf
DOI :
10.1109/ACSAC.2000.898871
Filename :
898871
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=2822725
بازگشت