The Center for Education and Research in Information Assurance and Security (CERIAS)

State Transition Analysis: A Rule-Based Intrusion Detection Approach

Author

Koral Ilgun, Richard A. Kemmerer, Phillip A. Porras

Entry type

article

Abstract

This paper presents a new approach to representing and detecting computer penetrations in real-time. The approach, called state transition analysis, models penetrations as a series of state changes that lead from an initial secure state to a target compromised state. State transition diagrams, the graphical representation of penetrations, identify precisely the requirements for the compromise of a penetration and present only the critical events that must occur for the successful completion of the penetration. State transition diagrams are written to correspond to the states of an actual computer system, and these diagrams form the basis of a rule-based expert system for detecting penetrations, called the state transition analysis tool (STAT). The design and implementation of a UNIX-specific prototype of this expert system, called USTAT, is also presented. This prototype provides a further illustration of the overall design and functionality of this intrusion detection approach. Lastly, STAT is compared to the functionality of comparable intrusion detection tools.

Date

1995 – March

Institution

IEEE Transactions On Software Engineering

Journal

IEEE Transactions On Software Engineering

Key alpha

Ilgun

Number

3

Pages

181-199

Volume

21

Publication Date

2001-01-01

Keywords

Security, intrusion detection, expert systems

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.