[Cohen95-2] F. Cohen, Process Audit for Near-Real-Time Intrusion Detection, IFIP-TC11, `Computers and Security' (submitted 1995) [This paper describes the use of information from the Unix process table to detect intrusions into well-controlled environments in near-real-time. The advantages of this technique are that the same information used to grant privilege is used to detect excessive privilege and that information is readily available and quickly analyzed.]