
TTY Session Audit Techniques for Linux Platform

Big Data, Cloud Computing, and Data Science Engineering (BCD 2022)

Part of the book series: Studies in Computational Intelligence (SCI, volume 1075)


Abstract

In an enterprise environment, a larger share of malicious attackers are insiders than outsiders, because internal users can easily gather information about the service environment and reach the services themselves. An attacker who already has access to a system can read a wide range of data and leak or modify important information. Safe service operation therefore requires a behavior audit function that inspects the users accessing the system and identifies and denies unauthorized behavior. Current operating systems, however, provide only limited audit functions, such as network or system resource monitoring and process listing. In this study, we propose a TTY session audit technique that records the commands entered by a user accessing a Linux environment together with the resulting output messages. To verify the effectiveness of the proposed technique, its function and performance are checked on an empirical implementation. Applied to an enterprise environment, the proposed user behavior monitoring technique can support safe service operation by monitoring user behavior. Because this study focuses on TTY session audit, however, the suggested technique cannot monitor background processing; additional research on this is necessary.

This research was supported by the Tongmyong University Research Grants no.2021A023.




Corresponding author

Correspondence to Sung-Hwa Han.


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this chapter

Han, SH. (2023). TTY Session Audit Techniques for Linux Platform. In: Lee, R. (eds) Big Data, Cloud Computing, and Data Science Engineering. BCD 2022. Studies in Computational Intelligence, vol 1075. Springer, Cham. https://doi.org/10.1007/978-3-031-19608-9_8
