The Center for Education and Research in Information Assurance and Security (CERIAS)

Continuous Assessment of a Unix Configuration: Integrated Intrusion Detection and Configuration Analysis

Author

Abdelaziz Mounji, Baudouin Le Charlier

Entry type

techreport

Abstract

Computer security is a topic of growing concern because, on the one hand, the power of computers continues to increase at exponential speed and all computers are virtually connected to each other and because, on the other hand, the lack of reliability of software systems may cause dramatic and unrecoverable damage to computer systems and hence to the newly emerging computerized society. Among the possible approaches to improve the current situation, expert systems have been advocated to be an important one. Typical tasks that such expert systems can achieve include evaluating the security level of a software configuration and detecting malicious or incorrect behaviors of users. In this paper, we extend our intrusion detection system ASAX with a deductive subsystem that allows us to assess the security level of a software configuration on a real time basis. By coupling the two subsystems - intrusion detection and configuration analysis - we moreover achieve a better tuning of the intrusion detection since the system has only to enable intrusion detection rules that are specifically required by the current state of the configuration. We also report some preliminary performance measurements, which suggest that our approach can be practical in real life contexts.

Date

1996 – August

Address

B-5000 Namur, Belgium

Institution

University of Namur

Key alpha

Mounji

Pages

27-35

Publication Date

0000-00-00

Location

A hard-copy of this is in the Papers Cabinet
