The Center for Education and Research in Information Assurance and Security (CERIAS)


A Distributed Concurrent Intrusion Detection Scheme Based on Assertions

Author

Shambhu J. Upadhyaya

Entry type

misc

Abstract

This paper presents a new technique for intrusion detection based on concurrent monitoring of user operations. In this scheme, prior to starting a session on a computer, an auxiliary process called the watchdog first queries the user for a scope file and then generates a table called a sprint-plan. The sprint-plan is composed of carefully derived assertions that serve as the basis for concurrent monitoring of user commands. The plan is general enough to let a normal user perform his task without much interference from the watchdog or system administrator, and specific enough to detect intrusions, both external and internal. A distributed watchdog process architecture based on the notion of verifiable assertions is presented. This scheme is a significant enhancement over traditional approaches that rely on audit trail analysis, in that the intrusion detection latency can be much shorter.

Institution

State University of New York at Buffalo

Key alpha

Upadhyaya, Kwiat

School

Department of Computer Science & Engineering

Affiliation

Kevin Kwiat

Publication Date

0000-00-00

Location

A hard-copy of this is in the Papers Cabinet
