The Center for Education and Research in Information Assurance and Security (CERIAS)

About:  Backtracking Intrusions

King and Chen (2005) write about their BackTracker software.  The idea is interesting:  log everything needed to relate the sequence of events leading up to an intrusion.  "Everything" in this case means processes, files, and filenames.  Once an anomalous process or event has been identified, BackTracker can generate a dependency graph from that log.  That is, something else must raise the alert, and then BackTracker helps find the cause.  It’s an interesting representation of an attack.
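To make the backtracking idea concrete, here is a small added example (my own illustration, not BackTracker's code or the paper's data) that walks a constructed log of process and file events backwards from a detection point.  It assumes a simplified event record of the form (time, source object, destination object, kind), where an event means "source affected destination at this time"; the starting object, its time, and the sample log are all made up for the illustration.  Only events that happened at or before the moment the affected object was in its suspicious state are followed, which is what keeps unrelated activity, and anything that happened after the alert, out of the graph.

```python
from collections import deque, namedtuple

# One logged dependency: `src` affected `dst` at `time`.
# Objects are named "proc:<name>" or "file:<path>" (constructed convention).
Event = namedtuple("Event", ["time", "src", "dst", "kind"])

# Constructed sample log (not real data).  Times are abstract sequence numbers.
SAMPLE_LOG = [
    Event(1, "proc:sshd",      "proc:bash",               "fork"),
    Event(2, "proc:bash",      "proc:curl",               "fork"),
    Event(3, "proc:curl",      "file:/tmp/payload",       "write"),
    Event(4, "proc:bash",      "proc:sh",                 "fork"),
    Event(5, "file:/tmp/payload", "proc:sh",              "read"),
    Event(6, "proc:sh",        "file:/etc/crontab",       "write"),  # detection point
    Event(7, "proc:cron",      "proc:logrotate",          "fork"),   # unrelated activity
    Event(8, "proc:logrotate", "file:/var/log/syslog.1",  "write"),  # unrelated activity
    Event(9, "proc:bash",      "file:/tmp/payload",       "write"),  # after the alert
]


def backtrack(log, detection_obj, detection_time):
    """Build the backward dependency graph for `detection_obj` as of `detection_time`.

    Returns (edges, objects): the sorted list of events that could have led to the
    detection point, and the set of objects appearing in that graph.
    """
    # Latest time at which each object is known to matter; an event can only
    # have affected an object if it occurred at or before that time.
    threshold = {detection_obj: detection_time}
    queue = deque([(detection_obj, detection_time)])
    edges = set()
    while queue:
        obj, t = queue.popleft()
        for ev in log:
            if ev.dst != obj or ev.time > t:
                continue  # did not touch this object, or happened too late
            edges.add(ev)
            # Revisit the source only if this event widens its time window.
            if threshold.get(ev.src, -1) < ev.time:
                threshold[ev.src] = ev.time
                queue.append((ev.src, ev.time))
    return sorted(edges), set(threshold)


def render_dot(edges):
    """Render the backtracked edges as a Graphviz DOT digraph."""
    lines = ["digraph backtrack {"]
    for ev in edges:
        lines.append(f'  "{ev.src}" -> "{ev.dst}" [label="{ev.time}:{ev.kind}"];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    edges, objs = backtrack(SAMPLE_LOG, "file:/etc/crontab", 6)
    print(render_dot(edges))
    print("objects in graph:", sorted(objs))
```

Run on the sample log, the graph traces the crontab write back through sh, the payload file, curl, bash and sshd, while the logrotate activity and the later write to /tmp/payload (time 9) never appear, because nothing on the path to the detection point depended on them.  The "threshold" bookkeeping is the part worth noting: an object is reprocessed only when a newly found event extends the time window in which it matters, which keeps the walk finite even when objects are reached by several paths.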

Taken one step further than they do, perhaps these dependency graphs could be used for intrusion detection?
