Detecting and displaying novel computer attacks with macroscope

Cited by: 5
Authors
Cunningham, RK [1 ]
Lippmann, RP [1 ]
Webster, SE [1 ]
Affiliations
[1] MIT, Lincoln Lab, Informat Syst Technol Grp, Lexington, MA 02420 USA
Keywords
bottleneck verification (BV); intrusion detection; security
DOI
10.1109/3468.935044
Chinese Library Classification number
TP3 [Computing technology, computer technology]
Discipline classification code
0812
Abstract
Macroscope is a network-based intrusion detection system that uses bottleneck verification (BV) to detect user-to-superuser attacks. BV detects novel computer attacks by looking for users performing high privilege operations without passing through legal "bottleneck" checkpoints that grant those privileges. Macroscope's BV implementation models many common Unix commands, and has extensions to detect intrusions that exploit trust relationships, as well as previously installed Trojan programs. BV performs at a false alarm rate more than two orders of magnitude lower than a reference signature verification system, while simultaneously increasing the detection rate from roughly 20% to 80% of user-to-superuser attacks.
Pages: 275 - 281
Page count: 7