SAINT: A Security Analysis Integration Tool

Source: CiteSeer

ABSTRACT: This paper presents the design of SAINT, a tool being developed at the National Autonomous University of Mexico that will allow integrated analysis of information gathered from various sources, such as security tools and system logs. By simulating events occurring in the systems, and collected from the different sources, SAINT will allow detection, or even prevention, of problems that may otherwise go undetected due to lack of information about them in any single place. SAINT's modular and extensible architecture makes it feasible to add new modules for processing new data types, detecting new kinds of problems, or presenting the results in different formats.

1 Introduction --- The Problem

As part of the ongoing computer security activities at the National Autonomous University of Mexico (UNAM), the use of various security tools has been promoted as one of many ways of increasing Unix system security. Until now, only freely available tools have been used, mainly because they cove...

  • ABSTRACT: Organizations more often than not lack comprehensive security policies and are not adequately prepared to protect their systems against intrusions. This paper puts forward a review of state of the art and state of the applicability of intrusion detection systems and models. The paper also presents a classification of literature pertaining to intrusion detection.
    Information Management & Computer Security 10/2003; 11:175-186. DOI:10.1108/09685220310489544
  • ABSTRACT: A basic method in computer security is to perform integrity checks on the file system to detect the installation of malicious programs, or the modification of sensitive files. Integrity tools to date rely on the operating system to function correctly, so once the operating system is compromised even a novice attacker can easily defeat these tools. A novel way to overcome this problem is the use of an independent auditor, which uses an out-of-band verification process that does not depend on the underlying operating system. In this paper we present a definition of independent auditors and a specific implementation of an independent auditor using an embedded system attached to the PCI bus.
  • ABSTRACT: For most current intrusion detection systems, the capability to counterstrike network intrusion is limited. And the automatic protection of intranet is extremely difficult. In this paper, we present a system: TAICHI which combines heterogeneous intrusion detection systems with improved distributed firewall system (IDFS) to automatically detect and prevent intrusion originated from intranet or Internet. TAICHI can manage heterogeneous IDSs (intrusion detection systems) and firewalls with plugin, which makes it evolved easily to employ new detection technology and to integrate legacy firewall in an organization. ECA (extended common alert) in TAICHI can analyze alerts from heterogeneous IDSs. The system employs IDFS as a response subsystem, which could easily block attack originated from intranet or Internet. To configure heterogeneous firewalls efficiently, extended meta-firewall-rule configuration (EMFRC) was presented, which can not only configure firewall in a unified template, but also set special options of rules of different type with the same template. Due to EMFRC and IDFS, TAICHI makes the optimized strategy automatically to block intrusion from different network topology.
    Machine Learning and Cybernetics, 2006 International Conference on; 09/2006
