No ebook available.
Prefer the physical book? Check nearby libraries powered by WorldCat
Share this book
Determining intrusion activity for file-system recovery.
Published
2005
.
Written in English.
About the Book
Recovery from intrusions is typically a very time-consuming and error-prone task because the precise details of an attack may not be known. The wide availability of attack toolkits that install modified utility programs and erase log files to hide an attack further complicates this problem. This thesis explores a fast and accurate method for determining intrusion activity for file-system recovery. Given an audit log of all system activities, our approach uses dependency analysis to determine the set of intrusion-related activities. This approach effectively detects all attack-related activities, but it can falsely mark legitimate activities as related to an intrusion. Hence, we propose various enhancements to improve the accuracy of the analysis. This approach is implemented as part of the Taser intrusion recovery system. Our evaluation shows that Taser is effective in recovering from the damage caused by a wide range of intrusions and system management errors.
Edition Notes
Source: Masters Abstracts International, Volume: 44-02, page: 0942.
Thesis (M.A.Sc.)--University of Toronto, 2005.
Electronic version licensed for access by U. of T. users.
GERSTEIN MICROTEXT copy on microfiche (1 microfiche).
The Physical Object
Pagination |
51 leaves. |
Number of pages |
51 |
ID Numbers
Open Library |
OL19216943M |
ISBN 10 |
0494072768 |
History Created December 11, 2009 · 2 revisions Download catalog record: RDF / JSON
| January 24, 2010 | Edited by WorkBot | add more information to works |
| December 11, 2009 | Created by WorkBot | add works page |