Sciweavers

JCS
2002

Panoptis: Intrusion Detection Using a Domain-Specific Language

14 years 7 days ago
Panoptis: Intrusion Detection Using a Domain-Specific Language
We describe the use of a domain-specific language (DSL) for expressing critical design values and constraints in an intrusion detection application. Through the use of this specialised language, information that is critical to the correct operation of the software can be expressed in a form that can be easily drafted, verified, and maintained by domain experts (security officers), thus minimising the risk inherent from the mediation of software engineers. Our application, Panoptis, is a DSL-based low-cost, easyto-use intrusion detection system using the process accounting records kept by most Unix systems. A set of database tables contain resource usage profiles for processes, terminals, users, and time intervals. Panoptis monitors new process data against the recorded profiles and reports on entities diverging from the established resource usage envelopes implying possible data security threats. We demonstrate the operation of Panoptis by a case study of a real attack and subsequent ...
Diomidis Spinellis, Dimitris Gritzalis
Added 22 Dec 2010
Updated 22 Dec 2010
Type Journal
Year 2002
Where JCS
Authors Diomidis Spinellis, Dimitris Gritzalis
Comments (0)