Porras, P.A., STAT: A State Transition Analysis Tool for Intrusion Detection. Master's Thesis, Computer Science Dept., University of California, Santa Barbara, 1992.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....because it requires specific data structures that would be hard although probably not impossible to code in Russel. Our high level language is, as announced, a temporal language, which seems to make it quite different from the state transition diagrams of STAT (State Transition Analysis [15]) and its variants, and also from the the colored Petri approach advocated in [8] and used in IDIOT [4] The particular brand of temporal logic that we use in Section 3 are in fact automata, that is, statetransition diagrams. While STATL relies both on events (from an on line log) and states ....

P. A. Porras. STAT -- a state transition analysis tool for intrusion detection. Master's thesis, University of California, Santa Barbara, 1992.

....because they require specific data structures that would be hard although probably not impossible to code in Russel. Our high level language is, as announced, a temporal language, which seems to make it quite different from the state transition diagrams of STAT (State Transition Analysis [17]) and its variants USTAT [9] NetSTAT [25] and STATL [6] and also from the the colored Petri approach advocated in [10] and used in IDIOT [4] However, the particular brand of temporal logic that we shall use in Section 4, and whose modal operators were inspired by Wolper s extended linear time ....

P. A. Porras. STAT -- a state transition analysis tool for intrusion detection. Master's thesis, University of California, Santa Barbara, 1992.

....detection. The first implementation of the host based tool, which is called USTAT, used as input the audit records produced by Sun Microsystems Basic Security Module (BSM) 32] USTAT clearly demonstrated the value of the STAT approach for intrusion detection in the UNIX operating system [13, 14, 26]. However, because the original USTAT prototype was developed in an ad hoc way, a number of characteristics of this first prototype were difficult to modify or to extend to match new environments (e.g. Windows NT) The state transition analysis technique was also applied to networks. The ....

P.A. Porras. STAT -- A State Transition Analysis Tool for Intrusion Detection. Master's thesis, Computer Science Department, University of California, Santa Barbara, June 1992.

....The state transition analysis technique has been used for both host based and network based intrusion detection. The first implementation of the host based tool, which is called USTAT, clearly demonstrated the value of the STAT approach for intrusion detection in the UNIX operating system [12, 13, 24]. However, because the original USTAT prototype was developed in an ad hoc way, a number of characteristics of this first prototype were difficult to modify or to extend to match new environments (e.g. Windows NT) The state transition analysis technique was also applied to networks. The ....

P.A. Porras. STAT -- A State Transition Analysis Tool for Intrusion Detection. Master's thesis, Computer Science Department, University of California, Santa Barbara, June 1992.

....For example, in an attack scenario describing a network port scanning attempt, a typical signature action would include the TCP segments used to test the TCP ports of a host. The state transition analysis technique has been applied to host based intrusion detection, and a tool, called USTAT [5, 6, 13], has been developed. USTAT uses state transition representations as the basis for rules to interpret changes in a computer system s state and to detect intrusions in real time. The changes in the computer system s state are monitored by leveraging off of the auditing facilities provided by ....

P. Porras. STAT -- A State Transition Analysis Tool for Intrusion Detection. Master's thesis, Computer Science Department, University of California, Santa Barbara, June 1992.

....Ustat A Real time Intrusion Detection System for UNIX by Koral Ilgun This thesis presents the design and implementation of a real time intrusion detection tool called Ustat, a State Transition Analysis Tool for UNIX. The original design was first developed by Phillip A. Porras and presented in [Porr91] as STAT, a State Transition Analysis Tool. STAT is a new model for representing computer penetrations, and the model is applied to the development of a real time intrusion detection tool. In STAT, a penetration is identified as a sequence of state changes that take the computer system from some ....

....data provided by an audit collection system often makes manual analysis impractical. Therefore, an automated audit data analysis tool is the only solution. An intrusion detection system is a possibly enhanced version of such an analysis tool. The State Transition Analysis Tool (STAT) presented in [Porr91] introduces a novel idea to represent computer penetrations and provides an expert system model to detect compromises. STAT makes use of the audit trails that are provided by the audit collection mechanisms of the target systems. Ustat, which is a State Transition Analysis Tool for UNIX 2 , ....

[Article contains additional citation context not shown here]

P. A. Porras. "STAT: A State Transition Analysis Tool for Intrusion Detection,", Master's Thesis, Computer Science Dept., University of California, Santa Barbara, July 1992.

....the expert system is only as good as that of the security officer whose skills are modeled, which may not be comprehensive [18] The system is not easy to use and unlike our design, the matching algorithm (forward chaining) is fixed. A state transition analysis tool for intrusion detection (STAT) [21, 22] and a real time intrusion detection system for UNIX (USTAT) 8, 6, 7] are the examples of using state transition diagrams as a way of describing intrusion scenarios. Attack patterns can only specify a sequence of events; more complex ways of specifying events are not permitted. Furthermore, there ....

P. A. Porras. STAT -- A State Transition Analysis Tool for Intrusion Detection. Master's thesis, Computer Science Department, University of California, Santa Barbara, July 1992.

....the actions that, if omitted from the execution of an attack scenario, would prevent the attack from completing successfully. Typical examples of host based signature actions include reading, writing, and executing files. For a complete description of the state transition analysis technique see [8]. For NetSTAT the original STAT technique has been applied to computer networks, and the concepts of state, assertions, and signature actions have been characterized in a networked environment. States and Assertions In network based state transition analysis the state includes the currently ....

P. Porras. STAT -- A State Transition Analysis Tool for Intrusion Detection. Master's thesis, Computer Science Department, University of California, Santa Barbara, June 1992.

No context found.

P.A. Porras, "STAT - A State Transition Analysis Tool for Intru- sion Detection," Masters Thesis, Computer Science Department, University of California, Santa Barbara, June 1992.

No context found.

Porras, P.A., STAT: A State Transition Analysis Tool for Intrusion Detection. Master's Thesis, Computer Science Dept., University of California, Santa Barbara, 1992.

No context found.

P. A. Porras. STAT: A State Transition Analysis Tool for Intrusion Detection. Master's Thesis, Computer Science Dept., University of California, Santa Barbara, July 1992.

No context found.

P A Porras. "STAT: A State Transition Analysis Tool for Intrusion Detection". Master's Thesis, Computer Science Dept., University of California, Santa Barbara, July 1992.

No context found.

Phillip A. Porras. STAT --- A State Transition Analysis Tool for Intrusion Detection. Master's thesis, Computer Science Department, University of California, Santa Barbara, June 1992.

No context found.

Porras PA, STAT A State Transition Analysis Tool for Intrusion Detection, Masters thesis, University of California, Santa Barbara, CA 1992.

No context found.

P.A. Porras. STAT -- A State Transition Analysis Tool for Intrusion Detection. Master's thesis, Computer Science Department, University of California, Santa Barbara, June 1992.

No context found.

Porras, P. A. (1992). STAT A State Transition Analysis Tool for Intrusion Detection, Masters thesis, University of California, Santa Barbara, CA.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC