Title :
Penetration state transition analysis: A rule-based intrusion detection approach
Author :
Porras, Phillip A. ; Kemmerer, Richard A.
Author_Institution :
Aerospace Corp., Los Angeles, CA, USA
fDate :
30 Nov-4 Dec 1992
Abstract :
A new approach to representing computer penetrations is introduced called penetration state transition analysis. This approach models penetrations as a series of state transitions described in terms of signature actions and state descriptions. State transition diagrams are written to correspond to the states of an actual computer system, and these diagrams form the basis of a rule-based expert system for detecting penetrations, referred to as STAT
Keywords :
expert systems; security of data; STAT; computer penetrations; penetration state transition analysis; rule-based expert system; rule-based intrusion detection; signature actions; state descriptions; Computer science; Computer security; Data analysis; Data security; Expert systems; Intrusion detection; Postal services; Real time systems; Research and development; Software tools;
Conference_Titel :
Computer Security Applications Conference, 1992. Proceedings., Eighth Annual
Conference_Location :
San Antonio, TX
Print_ISBN :
0-8186-3115-5
DOI :
10.1109/CSAC.1992.228217
