USTAT Intrusion Detection System
USTAT
State Transition Analysis Tool for UNIX
USTAT is a real-time rule-based intrusion detection system for SunOS4.1.x and
Solaris 2.x.
Background and History
Phillip Porras introduced the concept of STAT in his master's thesis; STAT
is an expert system which detects intrusions using a state transition table.
An abstract of this thesis and the full text (2.7M, PostScript) are available.
Koral Ilgun implemented STAT as a real-time intrusion detection system for
UNIX; hence U_STAT. An abstract of his master's thesis and the full text
(1.2M, PostScript) are also available. This implementation runs under SunOS 4
and makes use of the SunOS BSM Audit Trail.
This project has been, and remains, under the supervision of Dr. Richard Kemmerer.
Current Work
Jonathan Wood has ported USTAT to Solaris 2.x, and is currently investigating
approaches to a distributed intrusion detection system using USTAT. This
system will collect data from multiple hosts on a network and process the
data as a unified audit trail. Other research directions include
integrating USTAT with other IDSs that complement its capabilities (i.e.
anomaly detection systems), and expanding its auditing capabilities to take
advantage of the extra information gleaned from gathering audit data from
networked machines.
For more information, contact jonwood@cs.ucsb.edu or kemm@cs.ucsb.edu.
Last modified: Tue Nov 7 14:08:12 PST 1995 by Jonathan Wood.