Outline for March 9, 1999
- Greetings and felicitations!
- Auditing
- Goals: reconstruction or deduction?
- Relationship to security policy
- Application logs
- System logs
- Example analysis technique
- GOAL methodology
- Do it on local file accesses
- Problems
- Log size
- Impact on system services
- Correllation of disparate logs
- Intrusion detection
- Anomaly detection
- Misuse detection
- Specification detection
- Anomaly detection
- Dorothy Denning's model and IDES
- Useful characteristics (examples)
- Cautions and problems
- Defeating it
- Misuse detection
- TIM (from DEC)
- Rule-based analysis and attack recognition
- Cautions and problems
- Defeating it
- Specification Detection
- Property-Based Testing (introduce specifications here)
- Example
- Cautions and problems
- Defeating it
- Toss in a network
- NSM
- DIDS
- GrIDS
You can get this document in
ASCII text,
Framemaker+SGML version 5.5,
PDF (for Acrobat 3.0 or later),
or
Postscript.
Send email to
[email protected].
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 3/25/99