The Community for Technology Leaders
Computer Security Applications Conference, Annual (2000)
New Orleans, Louisiana
Dec. 11, 2000 to Dec. 15, 2000
ISSN: 1063-9527
ISBN: 0-7695-0859-6
pp: 178
T.E. Daniels , CERIAS, Purdue Univ., West Lafayette, IN, USA
E.H. Spafford , CERIAS, Purdue Univ., West Lafayette, IN, USA
ABSTRACT
Recent work has shown that conventional operating system audit trails are insufficient to detect low-level network attacks. Because audit trails are typically based upon system calls or application sources, operations in the network protocol stack go unaudited. Earlier work has determined the audit data needed to detect low-level network attacks. We describe an implementation of an audit system which collects this data and analyze the issues that guided the implementation. Finally, we report the performance impact on the system and the rate of audit data accumulation in a test network.
INDEX TERMS
network operating systems; Unix; auditing; security of data; computer network management; network audit system; host-based intrusion detection; NASHID; Linux; operating system audit trails; low-level network attacks; system calls; application sources; network protocol stack; audit data; audit data accumulation
CITATION

T. Daniels and E. Spafford, "A network audit system for host-based intrusion detection (NASHID) in Linux," Computer Security Applications Conference, Annual(ACSAC), New Orleans, Louisiana, 2000, pp. 178.
doi:10.1109/ACSAC.2000.898871
87 ms
(Ver 3.3 (11022016))