A Real-time Intrusion Detection System for UNIX
By: Koral Ilgun
User creates link
User executes file
euid(user) = root
euid(user) = not root
File ‘target’ is root’s setuid shell script that contains the #!/bin/sh mechanism
I.e. a user (non-root) running an interactive shell with an effective user id of root
Informs sys admin about results of the inference engine
Is compromise about to occur?
Has compromise occurred?
Play an active role in preempting the attack!
However, note that USTAT input comes from the OS (Unix) audit log
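The slides above sketch USTAT's approach: a signature is a small state machine (user creates link, user executes file) with an assertion on the resulting effective uid, and the decision engine reports whether a compromise is about to occur or has already occurred. The block below is an added example, not USTAT's own code: it implements that signature as a toy state-transition detector fed from constructed audit records. The `AuditEvent` layout, the set of known root-owned setuid `#!/bin/sh` scripts, and the sample paths are all assumptions made for illustration; a real deployment would parse the OS audit log instead.

```python
"""Toy state-transition detector for the setuid shell script signature (added example)."""
from dataclasses import dataclass, field


@dataclass
class AuditEvent:
    # Simplified audit record (assumed format, not the real Unix audit log layout).
    kind: str          # "link" or "exec"
    user: str          # subject that performed the action
    path: str          # object acted upon (the link created, or the file executed)
    target: str = ""   # for "link": the file the new link points to
    euid: str = ""     # for "exec": effective user id of the resulting process


@dataclass
class SetuidScriptSignature:
    # Files the administrator knows to be root-owned setuid scripts using #!/bin/sh
    # (assumed inventory; in practice this comes from a filesystem scan).
    root_setuid_scripts: set
    # State: per user, the link paths created toward a monitored script.
    links: dict = field(default_factory=dict)

    def feed(self, ev: AuditEvent):
        """Advance the state machine on one event; return an alert string or None."""
        if ev.user == "root":
            return None  # the signature only concerns non-root subjects
        # Transition 1: user creates a link to a monitored setuid script.
        if ev.kind == "link" and ev.target in self.root_setuid_scripts:
            self.links.setdefault(ev.user, set()).add(ev.path)
            return (f"WARNING: {ev.user} linked {ev.path} -> {ev.target}; "
                    "compromise about to occur")
        # Transition 2: user executes the link (or the script directly).
        if ev.kind == "exec" and (
            ev.path in self.links.get(ev.user, set())
            or ev.path in self.root_setuid_scripts
        ):
            # Assertion on the resulting state: euid(user) = root means compromise.
            if ev.euid == "root":
                return (f"ALERT: {ev.user} now runs {ev.path} with euid root; "
                        "compromise has occurred")
            return (f"INFO: {ev.user} executed {ev.path} with euid {ev.euid}; "
                    "assertion not met, no compromise")
        return None


def run_detector(events, scripts):
    """Feed every event through one signature instance and collect the alerts."""
    sig = SetuidScriptSignature(root_setuid_scripts=set(scripts))
    return [alert for alert in (sig.feed(e) for e in events) if alert]


# Constructed sample audit stream: alice links a monitored script and executes
# the link, gaining euid root; bob runs an unrelated binary and is ignored.
SAMPLE_SCRIPTS = ["/usr/local/bin/target"]
SAMPLE_EVENTS = [
    AuditEvent("link", "alice", "/tmp/lnk", target="/usr/local/bin/target"),
    AuditEvent("exec", "alice", "/tmp/lnk", euid="root"),
    AuditEvent("exec", "bob", "/usr/bin/ls", euid="bob"),
]


def demo():
    return run_detector(SAMPLE_EVENTS, SAMPLE_SCRIPTS)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The WARNING after the first transition is what lets the system admin preempt the attack, while the ALERT corresponds to the assertion `euid(user) = root` being satisfied after the exec. Because the detector sees only what the audit log records, it can raise the warning no earlier than the link event itself is logged.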