Accession Number : ADA289314

Title : Improving Intrusion Detection in Unix-Based Networks.

Descriptive Note : Master's thesis,

Corporate Author : AIR FORCE INST OF TECH WRIGHT-PATTERSON AFB OH SCHOOL OF ENGINEERING

Personal Author(s) : Landry, David R.

PDF Url : ADA289314

Report Date : DEC 1994

Pagination or Media Count : 61

Abstract : Computer security has not kept pace with the rapid growth of networked systems. Through its connection to the Internet, the Department of Defense is vulnerable to computer-based attacks. Current intrusion detection systems are still unproven, too complicated, or too costly for most system security officers to implement. The attack methods used by system intruders are known and can be represented as groups of commands called attack signatures. This thesis investigates methods for detecting intruders by monitoring command usage. Testing was conducted in both controlled and uncontrolled circumstances. With controlled testing, it was shown that 7 of the 11 signatures could be detected through command monitoring. Command recording deficiencies prevented all 11 signatures from being detected. With uncontrolled testing, users were monitored without their knowledge for one month. No actual attacks were observed, but there were 18 instances of false positives out of 145,066 monitored commands. The implemented system was successful at detecting most attacks, with only a small percentage of false positives. This thesis is an intermediate step in exploring methods to better protect Air Force systems from attack. Future work should aim to detect attacks before they are fully completed by monitoring networks at the packet level.

Descriptors : *DATA PROCESSING SECURITY, *COMMUNICATIONS TRAFFIC, *COMPUTER NETWORKS, *INTRUSION DETECTION, TEST AND EVALUATION, CONTROL, AIR FORCE, DEPARTMENT OF DEFENSE, HIGH RATE, MONITORING, GROWTH(GENERAL), VULNERABILITY, THESES, DEFICIENCIES, SIGNATURES, COMPUTER APPLICATIONS, RECORDING SYSTEMS, OFFICER PERSONNEL, INTRUSION DETECTORS.

Subject Categories : Computer Systems; Computer Systems Management and Standards

Distribution Statement : APPROVED FOR PUBLIC RELEASE