Off-line intrusion detection systems rely on logged data. However, the logging mechanism may be complicated and time-consuming, and the amount of logged data tends to be very large. To counter these problems, we suggest a very simple and cheap logging method, light-weight logging. It can be easily implemented on a Unix system, particularly on the Solaris operating system from Sun. It is based on logging every invocation of the exec(2) system call together with its arguments. We use data from realistic intrusion experiments to show the benefits of the proposed logging and, in particular, that this logging method consumes as few system resources as comparable methods while still being more effective.
(From author)
eBook Licence: Copyrighted (For personal Use only)
Free ebook to download in PDF format - 44 KB - 14 pages