The Center for Education and Research in Information Assurance and Security (CERIAS)

Host-Based Misuse Detection and Conventional Operating Systems

Author

Price, Katherine

Tech report number

COAST TR 97-15

Entry type

mastersthesis

Abstract

Computing systems have evolved from stand-alone mainframes to complex, interconnected open systems, and this evolution has led to a proliferation of avenues of attack. With the knowledge that system misusers have open avenues for attack, misuse detection provides an important line of defense. For a misuse detection system to be effective, there needs to be an audit trail of system activity that was designed to support misuse detection needs. A major challenge in misuse detection is that audit data is inadequate. The data supplied by current auditing systems lack content useful for misuse detection, and there is no widely accepted audit trail standard. This thesis presents a comparison of the needs of host-based misuse detection with the capabilities of auditing facilities of conventional operating systems. Host-based misuse detection systems are examined, and the audit data used by each are outlined. Auditing systems of conventional operating systems are also examined, and the data collected by each are outlined. A comparison of the needs of the misuse detection systems and the capabilities of existing auditing facilities is then presented. The results of this study aid in the determination of what data content should be provided by auditing systems for the support of misuse detection goals.

Publication Date

2003-06-02

Contents

1. Introduction
2. Related Work
3. Survey of Misuse Detection Systems
4. Survey of Conventional Operating Systems
5. Misuse Detection Needs and Audit Collection Capabilities
6. Conclusion and Future Directions

Location

A hard copy of this thesis is in REC 216.

BibTeX-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTeX document. Note that the text may not contain all macros that BibTeX supports.