November-December 2004 (Vol. 2, No. 6)
pp. 42-52
The Kerf Toolkit for Intrusion Analysis
Javed Aslam, Northeastern University
Sergey Bratus, Dartmouth College
David Kotz, Dartmouth College
Ron Peterson, Dartmouth College
Brett Tofel, Dartmouth College
Daniela Rus, Massachusetts Institute of Technology
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2004.113
Abstract
To aid system administrators with post-attack intrusion analysis, the Kerf toolkit provides an integrated front end and powerful correlation and data-representation tools, all in one package.
Additional Information
Index Terms: intrusion analysis, log alerts, attack forensics, remote logging
Citation:
Javed Aslam, Sergey Bratus, David Kotz, Ron Peterson, Brett Tofel, and Daniela Rus, "The Kerf Toolkit for Intrusion Analysis," IEEE Security and Privacy, vol. 2, no. 6, pp. 42-52, November-December 2004.