A network audit system for host-based intrusion detection (NASHID) in Linux

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by T.E. Daniels Articles by E.H. Spafford

16th Annual Computer Security Applications Conference (ACSAC'00)

New Orleans, Louisiana

December 11-December 15

ISBN: 0-7695-0859-6

	ASCII Text	x
	T.E. Daniels, E.H. Spafford, "A network audit system for host-based intrusion detection (NASHID) in Linux," Computer Security Applications Conference, Annual, pp. 178, 16th Annual Computer Security Applications Conference (ACSAC'00), 2000.

	BibTex	x
	@article{ 10.1109/ACSAC.2000.898871, author = {T.E. Daniels and E.H. Spafford}, title = {A network audit system for host-based intrusion detection (NASHID) in Linux}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2000}, issn = {1063-9527}, pages = {178}, doi = {http://doi.ieeecomputersociety.org/10.1109/ACSAC.2000.898871}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - A network audit system for host-based intrusion detection (NASHID) in Linux SN - 1063-9527 SP EP A1 - T.E. Daniels, A1 - E.H. Spafford, PY - 2000 KW - network operating systems; Unix; auditing; security of data; computer network management; network audit system; host-based intrusion detection; NASHID; Linux; operating system audit trails; low-level network attacks; system calls; application sources; network protocol stack; audit data; audit data accumulation VL - 0 JA - Computer Security Applications Conference, Annual ER -

T.E. Daniels, CERIAS, Purdue Univ., West Lafayette, IN, USA

E.H. Spafford, CERIAS, Purdue Univ., West Lafayette, IN, USA

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ACSAC.2000.898871

Recent work has shown that conventional operating system audit trails are insufficient to detect low-level network attacks. Because audit trails are typically based upon system calls or application sources, operations in the network protocol stack go unaudited. Earlier work has determined the audit data needed to detect low-level network attacks. We describe an implementation of an audit system which collects this data and analyze the issues that guided the implementation. Finally, we report the performance impact on the system and the rate of audit data accumulation in a test network.

Index Terms:

network operating systems; Unix; auditing; security of data; computer network management; network audit system; host-based intrusion detection; NASHID; Linux; operating system audit trails; low-level network attacks; system calls; application sources; network protocol stack; audit data; audit data accumulation

Citation:

T.E. Daniels, E.H. Spafford, "A network audit system for host-based intrusion detection (NASHID) in Linux," acsac, pp.178, 16th Annual Computer Security Applications Conference (ACSAC'00), 2000

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.