eXpert-BSM: a host-based intrusion detection solution for Sun Solaris

U. Lindqvist, P.A. Porras
Seventeenth Annual Computer Security Applications Conference (ACSAC 2001)
eXpert-BSM is a real-time forward-reasoning expert system that analyzes Sun Solaris audit trails. Based on many years of intrusion detection research, eXpert-BSM's knowledge base detects a wide range of specific and general forms of misuse, provides detailed reports and recommendations to the system operator, and has a low false-alarm rate. Host-based intrusion detection offers the ability to detect misuse and subversion through the direct monitoring of processes inside the host, providing an important complement to network-based surveillance. Suites of eXpert-BSMs may be deployed throughout a network, and their alarms managed, correlated, and acted on by remote or local subscribing security services, thus helping to address issues of decentralized management. Inside the host, eXpert-BSM is intended to operate as a true security daemon for host systems, consuming few CPU cycles and very little memory and secondary storage. eXpert-BSM has been available for download on the Internet since April 2000, and has been successfully deployed in several production environments.
doi:10.1109/acsac.2001.991540 | dblp:conf/acsac/LindqvistP01 | fatcat:xb5zmzmfujei5eoon7j4cnnma4