The Center for Education and Research in Information Assurance and Security (CERIAS)

A network audit system for host-based intrusion detection (NASHID) in Linux

Author

T Daniels, E Spafford

Entry type

conference

Abstract

Recent work has shown that conventional operating system audit trails are insufficient to detect low-level network attacks. Because audit trails are typically based upon system calls or application sources, operations in the network protocol stack go unaudited. Earlier work has determined the audit data needed to detect low-level network attacks. We describe an implementation of an audit system which collects this data and analyze the issues that guided the implementation. Finally, we report the performance impact on the system and the rate of audit data accumulation in a test network.

Date

2000

Key alpha

Spafford

Note

6th Annual Computer Security Applications Conference (ACSAC'00)

Publication Date

2001-01-01
