Article

SAINT: A Security Analysis Integration Tool

04/1997
Source: CiteSeer

ABSTRACT This paper presents the design of SAINT, a tool being developed at the National Autonomous University of Mexico that will allow integrated analysis of information gathered from various sources, such as security tools and system logs. By simulating events occurring in the systems, and collected from the different sources, SAINT will allow detection, or even prevention, of problems that may otherwise go undetected due to lack of information about them in any single place. SAINT's modular and extensible architecture makes it feasible to add new modules for processing new data types, detecting new kinds of problems, or presenting the results in different formats.

1 Introduction --- The Problem

As part of the ongoing computer security activities at the National Autonomous University of Mexico (UNAM), the use of various security tools has been promoted as one of many ways of increasing Unix system security. Until now, only freely available tools have been used, mainly because they cove...

  • ABSTRACT: For most current intrusion detection systems, the capability to counterstrike network intrusion is limited, and automatic protection of the intranet is extremely difficult. In this paper, we present a system, TAICHI, which combines heterogeneous intrusion detection systems with an improved distributed firewall system (IDFS) to automatically detect and prevent intrusions originating from the intranet or the Internet. TAICHI can manage heterogeneous IDSs (intrusion detection systems) and firewalls through plugins, which makes it easy to evolve to employ new detection technology and to integrate legacy firewalls in an organization. ECA (extended common alert) in TAICHI can analyze alerts from heterogeneous IDSs. The system employs IDFS as a response subsystem, which can easily block attacks originating from the intranet or the Internet. To configure heterogeneous firewalls efficiently, extended meta-firewall-rule configuration (EMFRC) is presented, which can not only configure firewalls in a unified template but also set special options of rules of different types with the same template. Due to EMFRC and IDFS, TAICHI automatically makes the optimized strategy to block intrusion from different network topology
    Machine Learning and Cybernetics, 2006 International Conference on; 09/2006
  • ABSTRACT: Organizations more often than not lack comprehensive security policies and are not adequately prepared to protect their systems against intrusions. This paper puts forward a review of state of the art and state of the applicability of intrusion detection systems and models. The paper also presents a classification of literature pertaining to intrusion detection.
    Information Management & Computer Security 01/2003; 11:175-186.
  • ABSTRACT: Organizations more often than not lack comprehensive security policies and are not adequately prepared to protect their systems against intrusions. This paper puts forward a review of the state of the art and state of the applicability of intrusion detection systems and models. The paper also presents a classification of literature pertaining to intrusion detection.
    Enabling Technologies: Infrastructure for Collaborative Enterprises, 2002. WET ICE 2002. Proceedings. Eleventh IEEE International Workshops on; 02/2002
