An efficient method for intrusion detection
Abstract
This paper presents a new intrusion detection method based on analyzing the audit trails of users' activities in a local area network. The approach consists of detecting the presence of known attacks in servers' audit sessions. Each attack scenario is described by a column vector containing the occurrence counts of the system events that make up the attack. The detection procedure consists of examining whether the attack scenarios manifest in the system event trace. The method can be applied to attacks on servers. Its main advantages are (1) it is easy to implement in any network that has an audit mechanism, (2) it is very fast and may be used in real time, and (3) it is robust.
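The representation described above, as an added worked example that is not code from the paper: each known attack scenario is a count vector over a fixed alphabet of system events, each audit session is reduced to a vector over the same alphabet, and a scenario is reported when the session's counts cover the scenario's counts component-wise. The event alphabet, the two scenarios, the audit line format and the sample audit lines are all constructed for this example, and the component-wise "at least as many" matching rule is an assumption, since the abstract does not state how manifestation is decided.

```python
"""Signature matching over an audit trail using per-scenario event-count vectors.

Added illustration, not the paper's implementation. Assumptions (not from the
abstract): the event alphabet, the scenario vectors, the audit line layout
'<time> <user> <event>', one session per user, and the component-wise '>='
matching rule.
"""
from collections import Counter, defaultdict
from typing import Dict, Iterable, List

# Constructed event alphabet; an event's index is its row in every vector.
EVENTS: List[str] = ["login_fail", "login_ok", "su", "chmod", "exec_shell", "file_read"]

# Constructed attack scenarios, one column vector each, indexed like EVENTS.
SCENARIOS: Dict[str, List[int]] = {
    # three failed logins followed by a successful one
    "brute_force_login": [3, 1, 0, 0, 0, 0],
    # a su, a permission change and a spawned shell in one session
    "privilege_escalation": [0, 0, 1, 1, 1, 0],
}


def event_vector(trace: Iterable[str]) -> List[int]:
    """Count each alphabet event in a trace; events outside the alphabet are ignored."""
    counts = Counter(e for e in trace if e in EVENTS)
    return [counts[e] for e in EVENTS]


def covers(session: List[int], scenario: List[int]) -> bool:
    """True when every scenario event occurs at least as often in the session (assumed rule)."""
    return all(s >= a for s, a in zip(session, scenario))


def parse_audit_line(line: str) -> tuple:
    """Split a constructed '<time> <user> <event>' audit line into (user, event)."""
    parts = line.split()
    if len(parts) < 3:
        return ("", "")  # malformed line: attributed to no user, matches no event
    return (parts[1], parts[2])


def detect_sessions(audit_lines: Iterable[str]) -> Dict[str, List[str]]:
    """Group audit lines into per-user sessions and report the scenarios each one manifests."""
    traces: Dict[str, List[str]] = defaultdict(list)
    for line in audit_lines:
        user, event = parse_audit_line(line)
        if user:
            traces[user].append(event)
    result: Dict[str, List[str]] = {}
    for user, trace in traces.items():
        session = event_vector(trace)
        result[user] = [name for name, vec in SCENARIOS.items() if covers(session, vec)]
    return result


# Constructed sample audit session for one server (no real data).
SAMPLE_AUDIT: List[str] = [
    "10:00:01 alice login_fail",
    "10:00:05 alice login_fail",
    "10:00:09 alice login_fail",
    "10:00:12 alice login_ok",
    "10:01:00 bob login_ok",
    "10:01:30 bob file_read",
    "10:02:00 carol login_ok",
    "10:02:10 carol su",
    "10:02:20 carol chmod",
    "10:02:25 carol exec_shell",
]

if __name__ == "__main__":
    for user, hits in detect_sessions(SAMPLE_AUDIT).items():
        print(f"{user}: {hits or 'no known scenario'}")
```

Because a count vector discards event order, a scenario still matches when its events are interleaved with unrelated activity or occur in a different order, which is one reading of the "robust" claim; the cost is that ordering constraints of a scenario cannot be expressed in this representation, so a session with the right counts in an innocuous order is also reported.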