David Keirsey writes,
>
> There is a third direction in intrusion detection. This direction or
> technique is different from the two outlined above because it doesn't try to
> detect patterns or behaviors. The technique might be loosely called
> Self-Nonself Discrimination. (This is from [Forrest et al 94]). This
> technique is to identify critical parts of the network/os software that
> should not be changed and then signal when they do change. I think your
> suggestions in your verification step (5) are along these lines. The
> TRIPWIRE software is a good example of a simple tool of this type of
> technique.
>
> Discrimination in a Computer", Proceedings of 1994 IEEE Symposium on
> Research in Security and Privacy (in Press)
>

Solaris2.X has a similar package called ASET (Automated Security Enhancement Tool) which does this but also checks the content of important system files.

Kirk.