CERIAS Weblogs » About: Backtracking Intrusions

[topcap]

Pascal Meunier

Pascal Meunier is a research scientist at the Center for Education and Research in Information and Assurance (CERIAS) at Purdue University. He is the author of the Cassandra system, the CIRDB and PI for the ReAssure project. He also teaches secure programming and publishes a set of slides in 3 parts on the subject.

Author XML Feeds

Search

[bottomcap]
November 9th, 2005 by Pascal Meunier in General

King and Chen (2005) write about their BackTracker software. The idea is interesting: let’s log everything needed to relate a sequence of events leading to an intrusion. Everything in this case is processes, files, and filenames. It can generate dependency graphs, once an anomalous process or event has been identified. That is, something else must raise an alert, and then BackTracker helps find the cause. It’s an interesting representation of an attack.

Taken one step further than they do, perhaps these dependency graphs could be used for intrusion detection?

del.icio.us »

Leave a Reply

« About: Secure Program Execution via Dynamic Information Flow Tracking
Review: The Limits of Privacy »