• DocumentCode
    2822725
  • Title

    A network audit system for host-based intrusion detection (NASHID) in Linux

  • Author

    Daniels, Thomas E. ; Spafford, Eugene H.

  • Author_Institution
    CERIAS, Purdue Univ., West Lafayette, IN, USA
  • fYear
    2000
  • fDate
    36861
  • Firstpage
    178
  • Lastpage
    187
  • Abstract
    Recent work has shown that conventional operating system audit trails are insufficient to detect low-level network attacks. Because audit trails are typically based upon system calls or application sources, operations in the network protocol stack go unaudited. Earlier work has determined the audit data needed to detect low-level network attacks. We describe an implementation of an audit system which collects this data and analyze the issues that guided the implementation. Finally, we report the performance impact on the system and the rate of audit data accumulation in a test network.
  • Keywords
    Unix; auditing; computer network management; network operating systems; security of data; Linux; NASHID; application sources; audit data; audit data accumulation; host-based intrusion detection; low-level network attacks; network audit system; network protocol stack; operating system audit trails; system calls; Data analysis; Intelligent networks; Intrusion detection; Linux; Monitoring; Operating systems; Packaging; Protocols; TCPIP; Writing;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computer Security Applications, 2000. ACSAC '00. 16th Annual Conference
  • Conference_Location
    New Orleans, LA
  • Print_ISBN
    0-7695-0859-6
  • Type

    conf

  • DOI
    10.1109/ACSAC.2000.898871
  • Filename
    898871