NetSTAT:一个基于网络的入侵检测方法

Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217) Pub Date : 1998-12-07 DOI:10.1109/CSAC.1998.738566

G. Vigna, R. Kemmerer

{"title":"NetSTAT:一个基于网络的入侵检测方法","authors":"G. Vigna, R. Kemmerer","doi":"10.1109/CSAC.1998.738566","DOIUrl":null,"url":null,"abstract":"Network-based attacks have become common and sophisticated. For this reason, intrusion detection systems are now shifting their focus from the hosts and their operating systems to the network itself. Network-based intrusion detection is challenging because network auditing produces large amounts of data, and different events related to a single intrusion may be visible in different places on the network. This paper presents NetSTAT, a new approach to network intrusion detection. By using a formal model of both the network and the attacks, NetSTAT is able to determine which network events have to be monitored and where they can be monitored.","PeriodicalId":426526,"journal":{"name":"Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1998-12-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"315","resultStr":"{\"title\":\"NetSTAT: a network-based intrusion detection approach\",\"authors\":\"G. Vigna, R. Kemmerer\",\"doi\":\"10.1109/CSAC.1998.738566\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Network-based attacks have become common and sophisticated. For this reason, intrusion detection systems are now shifting their focus from the hosts and their operating systems to the network itself. Network-based intrusion detection is challenging because network auditing produces large amounts of data, and different events related to a single intrusion may be visible in different places on the network. This paper presents NetSTAT, a new approach to network intrusion detection. By using a formal model of both the network and the attacks, NetSTAT is able to determine which network events have to be monitored and where they can be monitored.\",\"PeriodicalId\":426526,\"journal\":{\"name\":\"Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217)\",\"volume\":\"11 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1998-12-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"315\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSAC.1998.738566\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSAC.1998.738566","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 315

摘要

基于网络的攻击已经变得普遍和复杂。出于这个原因，入侵检测系统现在正将其重点从主机及其操作系统转移到网络本身。基于网络的入侵检测具有挑战性，因为网络审计会产生大量数据，并且与单个入侵相关的不同事件可能在网络上的不同位置可见。本文提出了一种新的网络入侵检测方法——NetSTAT。通过使用网络和攻击的正式模型，NetSTAT能够确定必须监视哪些网络事件以及可以监视哪些网络事件。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

NetSTAT: a network-based intrusion detection approach

Network-based attacks have become common and sophisticated. For this reason, intrusion detection systems are now shifting their focus from the hosts and their operating systems to the network itself. Network-based intrusion detection is challenging because network auditing produces large amounts of data, and different events related to a single intrusion may be visible in different places on the network. This paper presents NetSTAT, a new approach to network intrusion detection. By using a formal model of both the network and the attacks, NetSTAT is able to determine which network events have to be monitored and where they can be monitored.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217)

自引率

0.00%

发文量