State Transition Analysis: A Rule-Based Intrusion Detection Approach

IEEE Transactions on Software Engineering

Volumn 21, Issue 3, 1995, Pages 181-199

  Ilgun, Koral ^a   Kemmerer, Richard A ^b   Porras, Phillip A ^c  

^a Advanced Computer Communications ^*  (United States)

^b UNIVERSITY OF CALIFORNIA   (United States)

^c AEROSPACE CORPORATION   (United States)

Author keywords

expert systems; intrusion detection; Security

Indexed keywords

COMPUTER SIMULATION; COMPUTER SYSTEMS; GRAPHIC METHODS; KNOWLEDGE BASED SYSTEMS; REAL TIME SYSTEMS; SECURITY OF DATA; UNIX;

COMPUTER PENETRATIONS; INTRUSION DETECTION; STATE TRANSITION ANALYSIS TOOL; STATE TRANSITION DIAGRAMS; UNIX SPECIFIC PROTOTYPE;

EXPERT SYSTEMS;

EID: 0029267472     PISSN: 00985589     EISSN: None     Source Type: Journal    
DOI: 10.1109/32.372146     Document Type: Article

References (34)

1. J. P. Anderson Co., Computer Security Threat Monitoring and Surveillance. Fort Washington, PA, Apr. 1980.
2. M. Bishop, Security Problem with the UNIX Operating System [Restricted Distribution], Dep. Comput. Sci., Purdue Univ., West Lafayette, IN, Apr. 1982.
3. K. Chen, S. C. Lu, and H. S. Teng, “Adaptive real-time anomaly detection using inductively generated sequential patterns,” in Proc. IEEE Symp. Res. Security, Privacy, Oakland, CA, May 1990, pp. 278-295.
4. H. Debar, M. Becker, and D. Siboni, “A neural network component for an intrusion detection system,” in Proc. IEEE Symp. Res. Security, Privacy, Oakland, CA, May 1992, pp. 240-258
5. D. E. Denning and P. G. Neumann, “Requirements and model for IDES—A-real-time intrusion detection expert system,” Tech. Rep., CSL, SRI Int., Aug. 1985.
6. A. V. Discolo, 4.2 BSD UNIX Security, [Restricted Distribution], Comput. Sci. Dep., Univ. Calif., Santa Barbara, Apr. 1985.
7. D. Farmer and E. H. Spafford, “The COPS security checker system,” in Proc. Summer 1990 Usenix Conf., Anaheim, CA, June 1990, pp. 305-312.
8. T. D. Garvey and T. F. Lunt, “Model-based intrusion detection,” in Proc. 14th Nat. Comput. Security Conf., Baltimore, MD, Oct. 1991, pp. 372-385.
9. L. R. Halme, T. F. Lunt, and J. Van Horne, “Analysis of computer system audit trails—Intrusion classification,” Sytek Tech. Rep. TR-85012, Mountain View, CA, Oct. 1985.
10. B. Hubbard et al, “Computer system intrusion detection,” Final Tech. Rep. RADC-TR-90-413, Trusted Inform. Syst., Inc., Dec. 1990.
11. K. A. Jackson, D. H. DuBois, and C. A. Stalling, “An expert system application for network intrusion detection,” in Proc. 14th Nat. Comput. Security Conf. (Baltimore, MD), Oct. 1991, pp. 215-225.
12. H. S. Javitz and A. Valdes, “The SRI IDES statistical anomaly detector,” in Proc. IEEE Res. Security, Privacy (Oakland, CA), May 1991, pp. 316-376.
13. P. Kerchen et al., “Static analysis virus detection tools for UNIX systems,” in Proc. 13th Nat. Comput. Security Conf., Baltimore, MD, Oct. 1990, pp. 350-365.
14. K. Ilgun, “USTAT: A real-time intrusion detection system for UNIX,” M.S. thesis, Comput. Sci. Dep., Univ. California, Santa Barbara, July 1992.
15. K. Ilgun, “USTAT: A real-time intrusion detection system for UNIX,” in Proc. IEEE Symp. Res. Security, Privacy, Oakland, CA, May 1993, pp. 16-28.
16. T. F. Lunt, “Automated audit trail analysis and intrusion detection: A survey,” in Proc. 11th Nat. Comput. Security Conf., Baltimore, MD, Oct. 1988, pp. 65-73.
17. T. F. Lunt, “Real-time intrusion detection,” in Proc. COMPCON, San Francisco, CA, Feb. 1989.
18. T. F. Lunt, R. Jagannathan, R. Lee, and A. Whitehurst, “Knowledge-based intrusion detection,” in Proc. 1989 AI Syst. Government Conf., Mar. 1989, pp. 102-107.
19. T. F. Lunt et al., “A real-time intrusion detection expert system,” SRI CSL Tech. Rep. SRI-CSL-90-05, June 1990.
20. T. F. Lunt et al., “A real-time intrusion detection expert system (IDES),” Final Tech. Rep., Comput. Sci. Laboratory, SRI Int., Menlo Park, CA, Feb. 1992.
21. J. Martin and S. Oxman, Building Expert Systems: A Tutorial. Englewood Cliffs, NJ: Prentice-Hall, 1988.
22. N. J. McAuliffe et al., “Is your computer being misused? A survey of current intrusion detection system technology,” in Proc. Sixth Comput. Security Applicat. Conf., Dec. 1990, pp. 260-272.
23. B. G. Miller and P. E. Proctor, “A requirements oriented analysis of computer misuse detection systems,” presented at the Seventh Intrusion Detection Workshop, SRI Int., Menlo Park, CA, May 1991.
24. National Computer Security Center, Trusted Computer System Evaluation Criteria, DoD, DoD 5200.28-STD, Dec. 1985.
25. National Computer Security Center, A Guide to Understanding Audit in Trusted Systems, NCSC-TG-01, Version 2, June 1988.
26. National Computer Security Center, Glossary of Computer Security Terms, NCSC-TG-004, Version 1, Oct. 1988.
27. P. G. Neumann, “A comparative anatomy of computer system/network anomaly detection systems,” CSL, SRI BN-168, Menlo Park, CA, May 1990.
28. P. A. Porras and R. A. Kemmerer, “Penetration state transition analysis: A rule-based intrusion detection approach,” in Proc. Eighth Ann. Comput. Security Applicat. Conf., San Antonio, TX, Dec. 1992, pp. 220-229.
29. P. A. Porras, “STAT—A state transition analysis tool for intrusion detection,” M.S. thesis, Comput. Sci. Dep., Univ. California, Santa Barbara, June 1992.
30. M. M. Sebring, E. Shellhouse, M. E. Hanna, and R. A. Whitehurst, “Expert system in intrusion detection: A case study,” in Proc. 11th Nat. Comput. Security Conf., Baltimore, MD, Oct. 1988, pp. 74-81.
31. S. W. Shieh and V. D. Gligor, “A pattern-oriented intrusion detection model and its application,” in Proc. IEEE Res. Security, Privacy, Oakland, CA, May 1991, pp. 327-342.
32. Sun Microsystems, Inc., SunOS Release 4.1.1. C2-BSM Patch, Revision A, Mountain View, CA, 1991.
33. UNIX Programmer's Manual, 4.2 Berkeley Software Distribution, Virtual VAX-11 Version, Comput. Sci. Div., Dep. Elec., Comput. Sci., Univ. California, Berkeley, Aug. 1983.
34. H. S. Vaccaro and G. E. Liepins, “Detection of anomalous computer session activity,” in Proc. IEEE Symp. Res. Security, Privacy, Oakland, CA, May 1989, pp. 280-289.