By Topic

Detecting computer and network misuse through the production-based expert system toolset (P-BEST)

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Lindqvist, U. ; Dept. of Comput. Eng., Chalmers Univ. of Technol., Goteborg, Sweden ; Porras, P.A.

The paper describes an expert system development toolset called the Production-Based Expert System Toolset (P-BEST) and how it is employed in the development of a modern generic signature analysis engine for computer and network misuse detection. For more than a decade, earlier versions of P-BEST have been used in intrusion detection research and in the development of some of the most well known intrusion detection systems, but this is the first time the principles and language of P-BEST are described to a wide audience. We present rule sets for detecting subversion methods against which there are few defenses-specifically, SYN flooding and buffer overruns-and provide performance measurements. Together, these examples and performance measurements indicate that P-BEST based expert systems are well suited for real time misuse detection in contemporary computing environments. In addition, the simplicity of the P-BEST language and its close integration with the C programming language makes it easy to use while still being very powerful and flexible

Published in:

Security and Privacy, 1999. Proceedings of the 1999 IEEE Symposium on

Date of Conference:

1999