System and method for state transition intrusion detection
A system and method for state transition intrusion detection is provided. The system and method employ a state transition file, containing a listing or table of all available state transitions associated with a given operation. A log file is then generated using state transition data gathered during...
Gespeichert in:
| Hauptverfasser: | , |
|---|---|
| Format: | Patent |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Zusammenfassung: | A system and method for state transition intrusion detection is provided. The system and method employ a state transition file, containing a listing or table of all available state transitions associated with a given operation. A log file is then generated using state transition data gathered during the performance of a given operation. Depending upon the instructions present in the state transition file, one or more state transitions in the log file are digitally signed. To determine if an intrusion has occurred, the log file is analyzed, state transition by state transition. This analysis is accomplished by comparing the signatures associated with the state transitions in the log file with those signatures contained in the state transition file, thereby detecting any erroneous signatures. Each operation capable of being performed is accounted for in the state transition file such that all available state transitions associated with the operation are stored in the file. The type of operation represented in the log file is then determined and the transitions contained in the log file are compared to those transitions associated with the operation type in the state transition file. Any missing state transitions denote tampering or modification of the log file, indicating an intrusion, whereupon an administrator is notified. |
|---|