2004 International Networking and Communication Conference, 2004, p.36-41
2004
Volltextzugriff (PDF)
Details
- Autor(en) / Beteiligte
- Titel
- A study of host-based IDS using system calls
- Ist Teil von
- 2004 International Networking and Communication Conference, 2004, p.36-41
- Ort / Verlag
- IEEE
- Erscheinungsjahr
- 2004
- Quelle
- IEEE Electronic Library Online
- Beschreibungen/Notizen
- Intrusion detection systems (IDS) are complimentary to other security mechanisms such as access control and authentication. While signature based IDS are limited to known attacks only, anomaly based IDS are capable of detecting novel attacks. However, anomaly based systems usually trade performance for efficiency. We analyze various anomaly based IDS and list the strengths and weaknesses of different schemes. We conclude that the abstract stack model proposed by D. Wagner and D. Dean (see Proc. IEEE Symp. on Security and Privacy, 2001) shows best performance in detecting various types of attacks, while it suffers from substantial runtime overhead owing to its non deterministic nature. In a recently published approach utilizing code instrumentation, J.T. Giffin et al. (see Proc. NDSS Conf., 2004) minimize the runtime overhead while approaching the detection capability of the abstract stack model.
- Sprache
- Englisch
- Identifikatoren
- ISBN: 9780780383258, 0780383257DOI: 10.1109/INCC.2004.1366573Titel-ID: cdi_ieee_primary_1366573