The Center for Education and Research in Information Assurance and Security (CERIAS)

A Network Audit System for Host-based Intrusion Detection (NASHID)

Download

Download PDF Document

Author

Tom Daniels, Eugene Spafford

Tech report number

CERIAS TR 1999-10

Entry type

techreport

Abstract

Recent work has shown that conventional operating system audit trails are insufficient to detect low-level network attacks. Because audit trails are typically based upon system calls or application sources, operations in the network protocol stack go unaudited. In our earlier work, we determined the audit data needed to detect low-level network attacks. In this paper we describe an implementation of an audit system which collects this data and analyze the issues that guided the implementation. Finally, we report the performance impact on the system and the rate of audit data accumulation in a test network.

Date

1999 – 21

Institution

Purdue University

Key alpha

Daniels

Publication Date

0000-00-00

Language

English

Location

A hard-copy of this is in the Papers Cabinet

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.