
ACSAC
2001
IEEE

eXpert-BSM: A Host-Based Intrusion Detection Solution for Sun Solaris

eXpert-BSM is a real-time forward-reasoning expert system that analyzes Sun Solaris audit trails. Based on many years of intrusion detection research, eXpert-BSM's knowledge base detects a wide range of specific and general forms of misuse, provides detailed reports and recommendations to the system operator, and has a low false-alarm rate. Host-based intrusion detection offers the ability to detect misuse and subversion through the direct monitoring of processes inside the host, providing an important complement to network-based surveillance. Suites of eXpert-BSMs may be deployed throughout a network, and their alarms managed, correlated, and acted on by remote or local subscribing security services, thus helping to address issues of decentralized management. Inside the host, eXpert-BSM is intended to operate as a true security daemon for host systems, consuming few CPU cycles and very little memory and secondary storage. eXpert-BSM has been available for download on the Interne...
Ulf Lindqvist, Phillip A. Porras
Added 23 Aug 2010
Updated 23 Aug 2010
Type Conference
Year 2001
Where ACSAC