Data Collection Mechanisms for Intrusion Detection Systems (2000) [6 citations — 1 self]
by
Eugene Spafford
,
Diego Zamboni
CERIAS, Purdue University, 1315 Recitation Building
Add To MetaCart
Popular Tags
No tags have been applied to this document.
BibTeX | Add To MetaCart
@TECHREPORT{Spafford00datacollection,
author = {Eugene Spafford and Diego Zamboni},
title = {Data Collection Mechanisms for Intrusion Detection Systems},
institution = {CERIAS, Purdue University, 1315 Recitation Building},
year = {2000}
}
author = {Eugene Spafford and Diego Zamboni},
title = {Data Collection Mechanisms for Intrusion Detection Systems},
institution = {CERIAS, Purdue University, 1315 Recitation Building},
year = {2000}
}
Bookmarks
OpenURL
Abstract:
Drawing from the experience obtained during the development and testing of a distributed intrusion detection system, we reflect on the data collection needs of intrusion detection systems, and on the limitations that are faced when using the data collection mechanisms built into most operating systems. We claim that it is best for an intrusion detection system to be able to collect its data by looking directly at the operations of the host, instead of indirectly through audit trails or network packets. Furthermore, for collecting data in an ecient, reliable and complete fashion, incorporation of monitoring mechanisms in the source code of the operating system and its applications is needed.
