Automated audit trail analysis for intrusion detection


Abstracts of Recent Articles and Literature

the authorities. Events are often seen in terms of white collar criminal archetypes. If the term “computer hacker” is used, one assumes a threat outside normal experience which can only be countered with heavy duty technology, whereas fraud or blackmail appear as more manageable problems. The very act of separating off computer crime from all other criminal activities makes management think that the problems are more to do with computers than with crime. The sooner computer crimes are seen as ordinary crimes which may at some point need the attention of a specialist in computer forensics, the better. Computer Weekly, April 23, 1992, p. 22.

Automated Audit Trail Analysis for Intrusion Detection, Teresa Lunt. Even the most secure systems are vulnerable to abuse from insiders who misuse their privileges. Audit trails can establish accountability of users for their actions and have been viewed as a final line of defence, as they can be used to establish the guilt or innocence of suspected individuals. Audit trails were generally established for performance measurement or accounting purposes and offer little help in detecting intrusions. This article considers the means whereby audit trails can be adapted for security purposes. It concentrates on the application of automated tools to analyse the audit data and create the information necessary to detect suspicious events. In particular the author focuses upon SRI’s Intrusion Detection Expert System (IDES). Computer Audit Update, April 1992, pp. 2-8.

IT Security Evaluation Manual - The Current Status. The author looks at the current status of the EC’s IT Security Evaluation Criteria (ITSEC) project and in particular concentrates upon the recently published IT Security Evaluation Manual (ITSEM), published by the participating countries: Germany, France, the UK and Holland. The manual aims to give guidance on the evaluation methodology to be applied to carry out testing to prove both the functionality and assurance of security products. The relationship between ITSEC and ITSEM is outlined, and the structure of ITSEM is described. Other areas considered include: open systems, evaluation options and the ongoing international collaboration on the project. Computer Audit Update, May 1992, pp. 3-7.

Government Eavesdropping - Should Consumers Pay?, Wayne Madsen. The author takes a look at the moves made in recent years by the FBI, the NSA, and the US Department of Justice, to pass legislation in Congress permitting the organizations’ wide eavesdropping powers on telecommunications lines. The various legislative moves that have been made are outlined, and there is a brief mention of the moves made to shift the financial burden for the interception of communications onto the user! Computer Fraud and Security Bulletin, May 1992, pp. 7-8.

Yet Another Machine to Break DES, Robert McLaughlin. The Data Encryption Standard (DES) has been the subject of multiple attempts at breaking. As of this date no one has announced a method that will break DES with certainty. This article does not consider a method but develops another machine. Many such machines have been proposed over the years. The machine in this article makes use of current high-speed encryption chips in combination with hardware fuzzy comparers to automate the breaking process. Cryptologia, April 1992, pp. 136-144.