Accession Number : ADA289314
Title : Improving Intrusion Detection in Unix-Based Networks.
Descriptive Note : Master's thesis.
Corporate Author : AIR FORCE INST OF TECH WRIGHT-PATTERSON AFB OH SCHOOL OF ENGINEERING
Personal Author(s) : Landry, David R.
PDF Url : ADA289314
Report Date : DEC 1994
Pagination or Media Count : 61
Abstract : Computer security has not kept pace with the rapid growth of networked systems. Through its connection to the Internet, the Department of Defense is vulnerable to computer-based attacks. Current intrusion detection systems are still unproven, too complicated, or too costly for most system security officers to implement. The attack methods used by system intruders are known and can be represented as groups of commands called attack signatures. This thesis investigates methods for detecting intruders by monitoring command usage. Testing was conducted in both controlled and uncontrolled circumstances. With controlled testing, it was shown that 7 of the 11 signatures could be detected through command monitoring. Command recording deficiencies prevented all 11 signatures from being detected. With uncontrolled testing, users were monitored without their knowledge for one month. No actual attacks were observed, but there were 18 instances of false positives out of 145,066 monitored commands. The implemented system was successful at detecting most attacks, with only a small percentage of false positives. This thesis is an intermediate step in exploring methods to better protect Air Force systems from attack. Future work should aim to detect attacks before they are fully completed by monitoring networks at the packet level.
Descriptors : *DATA PROCESSING SECURITY, *COMMUNICATIONS TRAFFIC, *COMPUTER NETWORKS, *INTRUSION DETECTION, TEST AND EVALUATION, CONTROL, AIR FORCE, DEPARTMENT OF DEFENSE, HIGH RATE, MONITORING, GROWTH(GENERAL), VULNERABILITY, THESES, DEFICIENCIES, SIGNATURES, COMPUTER APPLICATIONS, RECORDING SYSTEMS, OFFICER PERSONNEL, INTRUSION DETECTORS.
Subject Categories : Computer Systems; Computer Systems Management and Standards
Distribution Statement : APPROVED FOR PUBLIC RELEASE