By Topic

USTAT: a real-time intrusion detection system for UNIX

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Ilgun, K. ; Dept. of Comput. Sci., California Univ., Santa Barbara, CA, USA

The author presents the design and implementation of a real-time intrusion detection tool, called USTAT, a state transition analysis tool for UNIX. This is a UNIX-specific implementation of a generic design developed by A. Porras and R.A. Kemmerer (1992) as STAT, a state transition analysis tool. State transition analysis is a new approach to representing computer penetrations. In STAT, a penetration is identified as a sequence of state changes that take the computer system from some initial state to a target compromised state. The development of the first USTAT prototype, which is for SunOS 4.1.1, is discussed. USTAT makes use of the audit trails that are collected by the C2 basic security module of SunOS, and it keeps track of only those critical actions that must occur for the successful completion of the penetration. This approach differs from other rule-based penetration identification tools that pattern match sequences of audit records

Published in:

Research in Security and Privacy, 1993. Proceedings., 1993 IEEE Computer Society Symposium on

Date of Conference:

24-26 May 1993