Re: Timeline description of IDS

Abdelaziz MOUNJI (amo@info.fundp.ac.be)
Tue, 22 Nov 94 11:00:56 GMT

-----------------------------------------------------------------------

System Name: ASAX (Advanced Security audit trail Analysis on uniX)
Institution: Facultes Universitaires ND de la Paix. Institut d'Informatique
Contact Reference:
        A. Mounji
        Institut d'Informatique,
        rue Grandgagnage, 21
        B-5000 Namur
        Belgium
        Tel:    +32 81 724987   (Office)
                +32 81 221803   (Home)
        Fax:    +32 81 724967
        E-mail: amo@info.fundp.ac.be

Author(s): B. Le Charlier, A. Mounji, N. Habra, I. Mathieu
Project Start Date: Nov 1991  Project Finish Date: still on track
System Environment(s): The ASAX system runs on many Unix machines (SunOS, Ultrix, Sinix, ...).
Version Info: V 1.0

Keywords: audit trail, rule-based language, pattern recognition, anomaly
detection.

Brief System Description:

ASAX aims at providing an advanced tool to support security audit trail
analysis. One key feature of ASAX is its elegant architecture, built on top
of a universal analysis tool allowing any audit trail to be analyzed after a
straightforward format adaptation. Another key feature of the ASAX project is
the language RUSSEL, used to express queries on audit trails. RUSSEL (RUle
baSed Sequence Evaluation Language) is a rule-based language which is
tailor-made for the analysis of sequential files in one and only one pass. The
conception of RUSSEL makes a good compromise between the needed efficiency on
the one hand and a suitable declarative look on the other hand. The language is
used for detecting real-world security violations such as sequences of failed
logins, unauthorized file accesses, creation of suspicious setuid files,
trojan programs, system file corruption, etc. The tool also supports on-line
detection by analyzing audit records on the fly.
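An added illustration, not ASAX or RUSSEL code and not part of the original post, of the one-pass, rule-triggering style of analysis the description attributes to RUSSEL, applied to the failed-login case it mentions. Each rule sees one record and may arm rules for the next record, so the trail is read exactly once; the record layout, the threshold and the time window are assumptions made for this example.

```python
"""One-pass, rule-triggering audit trail analysis (illustration only).

Every record is read once. Active rules are called on the current record and
each returns the list of rules that must be active for the NEXT record, which
is how a rule can wait for a sequence of events without re-reading the trail.
"""

THRESHOLD = 3   # assumed: failed logins that constitute a violation
WINDOW = 60     # assumed: seconds after the first failure in which they must occur

# Constructed audit records: (seq, time_seconds, user, event, outcome)
AUDIT_TRAIL = [
    (1, 100, "alice", "login", "fail"),
    (2, 101, "alice", "login", "fail"),
    (3, 150, "bob",   "login", "ok"),
    (4, 152, "alice", "login", "fail"),   # third failure within 60 s of record 1
    (5, 400, "carol", "login", "fail"),
    (6, 500, "carol", "login", "fail"),   # window expired, no alert
]

def failed_login_watch(rec, alerts):
    """Always-active rule: each failed login arms a counter for the next records."""
    seq, t, user, event, outcome = rec
    armed = [failed_login_watch]                 # keep watching
    if event == "login" and outcome == "fail":
        armed.append(make_counter(user, t + WINDOW, 1, seq))
    return armed

def make_counter(user, deadline, count, first_seq):
    """Rule that waits for further failures by `user` until `deadline`."""
    def counter(rec, alerts):
        seq, t, u, event, outcome = rec
        if t > deadline:
            return []                            # window expired: rule dies
        if u == user and event == "login" and outcome == "fail":
            if count + 1 >= THRESHOLD:
                alerts.append(f"{user}: {THRESHOLD} failed logins within "
                              f"{WINDOW}s (records {first_seq}-{seq})")
                return []                        # violation reported, done
            return [make_counter(user, deadline, count + 1, first_seq)]
        return [counter]                         # unrelated record: keep waiting
    return counter

def analyze(trail, initial_rules):
    """Single pass over the trail; returns the alerts raised by the rules."""
    alerts, active = [], list(initial_rules)
    for rec in trail:
        next_active = []
        for rule in active:
            next_active.extend(rule(rec, alerts))
        active = next_active
    return alerts

if __name__ == "__main__":
    print(analyze(AUDIT_TRAIL, [failed_login_watch]))
```

Because every failure opens its own window, a run of four failures raises a second alert for records 2 to 4; deduplicating such overlapping alerts is left to the consumer of the rule output.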