The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.03 - March (1995 vol.21)
pp: 181-199
ABSTRACT
This paper presents a new approach to representing and detecting computer penetrations in real-time. The approach, called state transition analysis, models penetrations as a series of state changes that lead from an initial secure state to a target compromised state. State transition diagrams, the graphical representation of penetrations, identify precisely the requirements for and the compromise of a penetration and present only the critical events that must occur for the successful completion of the penetration. State transition diagrams are written to correspond to the states of an actual computer system, and these diagrams form the basis of a rule-based expert system for detecting penetrations, called the state transition analysis tool (STAT). The design and implementation of a UNIX-specific prototype of this expert system, called USTAT, is also presented. This prototype provides a further illustration of the overall design and functionality of this intrusion detection approach. Lastly, STAT is compared to the functionality of comparable intrusion detection tools.
INDEX TERMS
Security, intrusion detection, expert systems
CITATION
Koral Ilgun, Richard A. Kemmerer, Phillip A. Porras, "State Transition Analysis: A Rule-Based Intrusion Detection Approach", IEEE Transactions on Software Engineering, vol.21, no. 3, pp. 181-199, March 1995, doi:10.1109/32.372146
18 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool