Date: Wed, 20 Nov 1996 19:35:38 GMT Server: Apache/1.0.2 Content-type: text/html Content-length: 2260 Last-modified: Sat, 04 May 1996 04:01:32 GMT USTAT Intrusion Detection System

USTAT

State Transition Analysis Tool for UNIX




USTAT is a real-time rule-based intrusion detection system for SunOS4.1.x and Solaris 2.x.

Background and History

Phillip Porras introduced the concept of STAT as his master's thesis; STAT is an expert system which detects intrusions using a state transition table. You can retrieve an abstract of this thesis, or the full text (2.7M, postscript).

Koral Ilgun implemented STAT as a real-time intrusion detection system for UNIX; hence U_STAT. Click here for an abstract of his master's thesis, and here for the full text (1.2M, postscript). This implementation runs under SunOS 4 and makes use of the SunOS BSM Audit Trail.

This project has been and is under the supervision of Dr. Richard Kemmerer.

Current Work

Jonathan Wood has ported USTAT to Solaris 2.x, and is currently investigating approaches to a distributed intrusion detection system using USTAT. This system will collect data from multiple hosts on a network and process the data as a unified audit trail. Other research directions include incorporating USTAT with other IDS which complement its capabilities (i.e. anomaly detection systems), and expanding its auditing capabilities to take advantage of the extra information gleaned from gathering audit data from networked machines.




For more information, contact jonwood@cs.ucsb.edu or kemm@cs.ucsb.edu.


[ Hotlist ] [ Search ] [ Back to CS ]

Last modified: Tue Nov 7 14:08:12 PST 1995 by Jonathan Wood.