Mark Crosbie, Bryn Dole, Todd Ellis, Ivan Krsul, and Eugene Spafford. IDIOT--- users guide. CSD-TR 96-050, COAST Laboratory, Purdue University, 1398 Computer Science Building, West Lafayette, Indiana, September 1996. URL http://www.cerias.purdue.edu/techreports/public/96-04.ps.
No context found.
Mark Crosbie, Bryn Dole, Todd Ellis, Ivan Krsul, and Eugene Spafford. IDIOT--- users guide. CSD-TR 96-050, COAST Laboratory, Purdue University, 1398 Computer Science Building, West Lafayette, Indiana, September 1996. URL http://www.cerias.purdue.edu/techreports/public/96-04.ps.
....decides what to do with the information based on agent configuration information. Notice that the architecture does not specify any requirements or limitations for the functionality of an agent. Thus it may be a simple program or a complex software system (for example, an instance of IDIOT [2]). As long as the agent produces its output in the appropriate format and sends it to the transceiver, it can be part of the AAFID system. Internally, agents are also allowed to perform any functions they need. Some possibilities are: Agents may learn or evolve over time using genetic ....
....every agent must process the whole audit trail, which is probably a waste of processing resources. Another possibility is to embed the agents within a central audit server that passes appropriate records to appropriate agents. A version of this approach has successfully been used in the IDIOT IDS [14, 2]. One problem is that this model only supports the push mechanism of client server interaction. This means that the server sends events to the agents as they become available. If an agent is not ready to receive events, those events are lost. We propose the use of another mechanism that uses a ....
M. Crosbie, B. Dole, T. Ellis, I. Krsul, and E. Spafford. IDIOT---users guide. CSD-TR 96-050, COAST Laboratory, Purdue University, 1398 Computer Science Building, West Lafayette, IN 47907-1398, September 1996.
No context found.
Mark Crosbie, Bryn Dole, Todd Ellis, Ivan Krsul, and Eugene Spafford. IDIOT---users guide. CSD-TR 96-050, COAST Laboratory, Purdue University, 1398 Computer Science Building, West Lafayette, IN 47907-1398, September 1996. URL http://www.cerias.purdue.edu/techreports/public/96-04.ps.
....any requirements or limitations for the functionality of an agent. Thus it may be a simple program that monitors a specific system variable or an event (for example, counting the number of telnet connections within the last 5 minutes) or a complex software system (for example, an instance of IDIOT [2] looking for a set of local intrusion patterns). As long as the agent produces its output in the appropriate format and sends it to the transceiver, it can be part of the AAFID system. Internally, agents are also allowed to perform any functions they need. Some possibilities are: Agents may ....
....every agent must process the whole audit trail, which is probably a waste of processing resources. Another possibility is to embed the agents within a central audit server that passes appropriate records to appropriate agents. A version of this approach has successfully been used in the IDIOT IDS [2, 15]. One problem is that this model only supports the push mechanism of client server interaction. This means that the server sends events to the agents as they become available. If an agent is not ready to receive events, those events are lost, unless the agent implements synchronization and ....
Mark Crosbie, Bryn Dole, Todd Ellis, Ivan Krsul, and Eugene Spafford. IDIOT---Users Guide. COAST Laboratory, Purdue University, 1398 Computer Science Building, West Lafayette, IN 47907-1398, September 1996. Available at http://www.cs.purdue.edu/coast/coast-library.html.