Real-Time Intrusion Detection for Windows NT Based on Navy IT-21 Audit Policy

Abstract

A Navy directive orders the migration of Navy computer systems to an Internet-connected network of Windows NT workstations and servers. Windows NT possesses the security features of a class C2 computer system but does not offer a standard real-time host-based tool to process the security-event audit data to detect intrusions or misuse. We discuss what this would entail in general. We also report on experiments with a sensor program, which resides on each workstation and server in the network and provides some real-time processing of NT host-based events. It passes information to an Agent that communicates with other Agents in the network, in an effort to identify and respond to an intrusion into the network. The Navy audit policy and the methods of implementing the policy are also investigated in this thesis.

Document Details

Document Type: Technical Report
Publication Date: Sep 01, 1999
Accession Number: ADA378151

Entities

People

  • H. S. Kremer

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • C4I
  • Cyber
  • Engineered Resilient Systems
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Application Software
  • Computer Access Control
  • Computer Networks
  • Computer Programming
  • Computer Programs
  • Computers
  • Cybersecurity
  • Detection
  • Detectors
  • Information Systems
  • Intrusion
  • Intrusion Detection
  • Intrusion Detectors
  • Operating Systems
  • Security
  • Standards
  • Warning Systems

Readers

  • Cybersecurity
  • Database Systems and Applications