Title :
Monitoring system calls for anomaly detection in modern operating systems
Author :
Eskandari, Soheila ; Khreich, Wael ; Murtaza, Syed Shariyar ; Hamou-Lhadj, Abdelwahab ; Couture, Mario
Author_Institution :
Software Behaviour Anal. (SBA) Res. Lab., Concordia Univ., Montreal, QC, Canada
Abstract :
Host-based intrusion detection systems monitor systems in operation for significant deviations from normal (and healthy) behaviour. Many approaches have been proposed in the literature. Most of them, however, do not consider even the basic attack prevention mechanisms that are activated by default on many of today's operating systems. Examples of such mechanisms include Address Space Layout Randomization and Data Execution Prevention. With such security methods in place, attackers are forced to perform additional actions to circumvent them. In this research, we conjecture that some of these actions may require the use of additional system calls. If so, one can trace such attacks to discover attack patterns that can later be used to enhance the detection power of anomaly detection systems. The purpose of this short paper is to motivate the need to investigate the impact of attacks on system calls while they try to overcome these prevention mechanisms.
Keywords :
operating systems (computers); security of data; system monitoring; address space layout randomization; anomaly detection; attack prevention mechanisms; data execution prevention; host-based intrusion detection systems; operating systems; security methods; system call monitoring; system calls; Intrusion detection; Kernel; Layout; Monitoring; Address space layout randomization; Host-Based Intrusion Detection Systems; data execution prevention; software security and reliability;
Conference_Title :
Software Reliability Engineering Workshops (ISSREW), 2013 IEEE International Symposium on
Conference_Location :
Pasadena, CA
DOI :
10.1109/ISSREW.2013.6688856