Intrusion Detection Systems (IDSs) can analyze network traffic for signs of attacks and intrusions. However, encrypted communication limits their visibility, and sophisticated attackers additionally try to evade their detection. To overcome these limitations, we extend the scope of Network IDSs (NIDSs) with additional data from the hosts. For that, we propose the integrated open-source zeek-osquery platform that combines the Zeek IDS with the osquery host monitor. Our platform can collect, process, and correlate host and network data at large scale, e.g., to attribute network flows to processes and users. The platform can be flexibly extended with own detection scripts using already correlated, but also additional and dynamically retrieved host data. A distributed deployment enables it to scale with an arbitrary number of osquery hosts. Our evaluation results indicate that a single Zeek instance can manage more than 870 osquery hosts and can attribute more than 96% of TCP connections to host-side applications and users in real-time.