DocumentCode :
478454
Title :
Investigating intrusion detection systems that use trails of system calls
Author :
Amer, Suhair Hafez ; Hamilton, John A.
Author_Institution :
Dept. of Comput. Sci. & Software Eng., Auburn Univ., Auburn, AL
fYear :
2008
fDate :
16-18 June 2008
Firstpage :
377
Lastpage :
384
Abstract :
Three intrusion detection systems that use trails of system calls have been investigated. The three techniques used to generate the pattern database have been adapted from the sequence method, the lookahead-pairs method and the variable-length-with-overlap-relationship method. Testing against Trojan horse and denial-of-service attacks was analyzed. None of the systems is capable of defeating the system-call denial-of-service attack. Modification is necessary to indicate a maximum threshold value for the number of times a pattern may be contiguously repeated. Furthermore, the lookahead-pairs method had the best space cost performance with a window size less than 24.
Keywords :
computer networks; security of data; telecommunication network management; telecommunication security; Trojan horse; denial-of-service attacks; intrusion detection system; lookahead-pairs method; maximum threshold; pattern database; sequence method; system call trails; variable-length-with-overlap-relationship method; Computer crime; Computer science; Costs; Databases; Hamming distance; Intrusion detection; Invasive software; Monitoring; Software engineering; Testing; Host-based intrusion detection; lookahead-pairs method; sequence method; variable length with overlap relationship method;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Performance Evaluation of Computer and Telecommunication Systems, 2008. SPECTS 2008. International Symposium on
Conference_Location :
Edinburgh
Print_ISBN :
978-1-56555-320-0
Type :
conf
Filename :
4667587