Naji Habra, Baudouin Le Charlier, Aziz Mounji, and Isabelle Mathieu. Preliminary report on Advanced Security Audit Trail Analysis on Unix (ASAX also called SATX). Technical report, Institut D'Informatique, FUNDP, rue Grangagnage 21, 5000 Namur, Belgium, September 1994.
.... Sensor [136] T-sight [44] eTrust ID [27] AAFID [137] AFJ [4] Centrax [53] DIDS [133] Dragon [45] EMERALD [112] GrIDS [139] Hummer [51] LISYS [64] NFR [99] NetSTAT [152] RealSecure [71] Host based (52) ADS [118] AID [134] ALVA [90] ASAX [56], CMDS [115] CompWatch [42] CyberCop Monitor [110] Haystack [132] Hyperview [39] IDA [6] IDES [86] IDIOT [79] Intruder Alert [148] Kane Security Monitor [29] MIDAS [128] NADIR [63] NIDES [3] NSTAT [74] POLYCENTER [41] PRCis [84] ....
....processes, closing sessions, disabling accounts, etc. Neural networks are also used as an approach to intrusion detection (see [10]). 3. Integrating Configuration Analysis and Intrusion Detection In this section, we propose an integrated system that extends our intrusion detection system ASAX [4, 5, 6]. ASAX (Advanced Security audit trail Analysis on uniX) features the rule based language RUSSEL specifically designed for efficient, real time analysis of audit trails. Recently, we were inspired by Baldwin's SU KUANG system and we developed a hand made, datalog like language allowing us to ....
....of the software configuration. The rest of this section is organized as follows: Section 3.1 is an overview of the integrated system. Section 3.2 reviews the main features of ASAX and provides an example detection rule in the RUSSEL language. A comprehensive description of ASAX can be found in [4, 5, 6]. In Section 3.3 we describe the novel configuration analysis subsystem. 3.1. Overview of the Integrated System (see Figure 1) Upon receiving an event from the audit subsystem, the intrusion detection subsystem executes all currently active detection rules. If the current audit record ....
N. Habra, B. Le Charlier and A. Mounji. Preliminary Report on Advanced Security Audit Trail Analysis on Unix. Technical report, University of Namur, Institut d'Informatique, Rue Grandgagnage, 21 B-5000 Namur, Belgium, Dec. 1991. http://www.info.fundp.ac.be/amo/papers/spec.ps.Z.
A. Mounji, B. Le Charlier, D. Zampuniéris, N. Habra, Preliminary report on Advanced Security Audit Trail Analysis on Unix 15.12.91, 34 pages.
....a common security policy for all monitored hosts but choose to tighten the security measures for critical hosts such as firewalls [2] or for suspicious users. A software architecture and a rule based language for universal audit trail analysis were developed in the first phase of the ASAX project [10, 11, 12]. The distributed system presented here uses this rule based language to filter audit data at each monitored host and to analyze filtered data gathered at a central host. The analysis language is exactly the same at both local and central levels. This provides a tool for a flexible and a gradual ....
....main features of the stand alone version of ASAX for single audit trail analysis are explained. However, we only emphasize interesting functionalities. The reader is referred to [12] for a more detailed description of these functionalities 1 . A comprehensive description of ASAX is presented in [10, 11]. 2.1 A motivating example The use of the RUSSEL language for single audit trail analysis is better introduced by a typical example: detecting repeated failed login attempts from a single user during a specified time period. This example uses the SunOS 4.1 auditing mechanism. Native audit trails ....
N. Habra, B. Le Charlier, A. Mounji, Preliminary report on Advanced Security Audit Trail Analysis on Unix 15.12.91, 34 pages.
....configuration. In the framework of intrusion detection, we developed ASAX (Advanced Security audit trail Analysis on uniX) a system for attack scenario detection that uses a rule based language RUSSEL (RUle baSed Sequence Evaluation Language) specifically designed for intrusion detection (see [5, 6, 7]) In this paper, we propose an integrated approach by adding a configuration analysis component to our previous work on intrusion detection. This combination is desirable for two reasons. First, configuration analysis systems do not prevent a malicious user from creating and closing holes in the ....
N. Habra, B. Le Charlier, A. Mounji, Preliminary report on Advanced Security Audit Trail Analysis on Unix 15.12.91, 34 pages.
....: 35 . Chapter 1 Introduction The purpose of this report is to present a distributed on line system capable of performing efficient, intelligent and network level analysis of security audit trails in a network of SUN workstations. The distributed system is in fact an extension of ASAX ([1], [2], [3]) whose main features can be summarized by the following: Universality: by supporting any kind of native audit trail format. This is achieved by means of user provided Format Adaptors translating the native format to the NADF (Normalized Audit Data Format) format; Power: by devoting a ....
N. Habra, B. Le Charlier, A. Mounji. Preliminary report on Advanced Security Audit Trail Analysis on Unix 15.12.91. 34 pages
....Common features : 52 4.6.2 Parsing functions specification : 53 A System parameters 56 B Compiler error messages 58 . Chapter 1 Introduction This report is devoted to the implementation design of the NADF evaluator. Knowledge of [1] is assumed. The report consists of three main parts. Chapter 2 describes general data structures used by the evaluator. Chapter 3 explains how the rule based language is implemented by means of an efficiently implementable abstract machine language. Chapter 4 presents the syntax analyser able to ....
....and and cond_1 evaluates to false, then cond is evaluated to false whatever the value of cond_1 is and no matter if this evaluation is defined or not. 3.3.4 Consistency with the abstract semantics The above implementation design must still be proved coherent with the abstract semantics given in [1]. However, although this can be very interesting, the purpose of this document is not to provide a formal proof of the consistency of each construct internal representation with its abstract semantics. Nevertheless, a sample proof schema for conditional expressions is given below in order to ....
N. Habra, B. Le Charlier, A. Mounji. Preliminary report on Advanced Security Audit Trail Analysis on Unix 15.12.91. 34 pages
N. Habra, B. Le Charlier, A. Mounji & I. Mathieu, "Preliminary Report on Advanced Security Audit Trail Analysis on UniX", Research Report 1/92, Institut d'Informatique, University of Namur, January 1992.
Habra, N., Charlier, B. L., and Mounji, A. (1991). Preliminary Report on Advanced Security Audit Trail Analysis on uniX. Technical report, Computer Science Institute, University of Namur.