Determining intrusion activity for file-system recovery.

Determining intrusion activity for file-syste ...
Kai Yi Po, Kai Yi Po
Locate

My Reading Lists:

Create a new list



Buy this book

Last edited by WorkBot
January 24, 2010 | History

Determining intrusion activity for file-system recovery.

Recovery from intrusions is typically a very time-consuming and error-prone task because the precise details of an attack may not be known. The wide availability of attack toolkits that install modified utility programs and erase log files to hide an attack further complicates this problem. This thesis explores a fast and accurate method for determining intrusion activity for file-system recovery. Given an audit log of all system activities, our approach uses dependency analysis to determine the set of intrusion-related activities. This approach effectively detects all attack-related activities, but it can falsely mark legitimate activities as related to an intrusion. Hence, we propose various enhancements to improve the accuracy of the analysis. This approach is implemented as part of the Taser intrusion recovery system. Our evaluation shows that Taser is effective in recovering from the damage caused by a wide range of intrusions and system management errors.

Publish Date
Language
English
Pages
51

Buy this book

Book Details


Edition Notes

Source: Masters Abstracts International, Volume: 44-02, page: 0942.

Thesis (M.A.Sc.)--University of Toronto, 2005.

Electronic version licensed for access by U. of T. users.

GERSTEIN MICROTEXT copy on microfiche (1 microfiche).

The Physical Object

Pagination
51 leaves.
Number of pages
51

Edition Identifiers

Open Library
OL19216943M
ISBN 10
0494072768

Work Identifiers

Work ID
OL12683543W

Community Reviews (0)

No community reviews have been submitted for this work.

Lists

History

Download catalog record: RDF / JSON
January 24, 2010 Edited by WorkBot add more information to works
December 11, 2009 Created by WorkBot add works page