Intrusion Detection

Student: Trevor Scott Norvill
Supervisor: Dr. Mark Schulz
Category: Computer Systems Engineering Thesis Project

This thesis focuses on auditing and event correlation. A system is developed to help system administrators analyse system attacks in response to alerts from intrusion detection systems. The system is aimed at identifying information leakage between files and processes. It also aims to identify illegal user command activity and system attacks. The system is based on Linux and correlates kernel audit data with shell history data. File accesses are also correlated into a per-session audit log. A query engine is written to analyse multiple audit logs. The system is a prototype, and further work will evolve from it.
Poster Presentation (PDF)
©2001 The University of Queensland, Australia
Last Updated: 2 July 2001