1. A study of host-based IDS using system calls
- Author
- Muhammad Mehboob Yasin and A.A. Awan
- Subjects
- Authentication, Security service, Computer science, Anomaly-based intrusion detection system, business.industry, Network Access Control, Overhead (computing), Covert channel, Access control, Intrusion detection system, Computer security model, business, Computer network
- Abstract
Intrusion detection systems (IDS) are complementary to other security mechanisms such as access control and authentication. While signature-based IDS are limited to known attacks only, anomaly-based IDS are capable of detecting novel attacks. However, anomaly-based systems usually trade performance for efficiency. We analyze various anomaly-based IDS and list the strengths and weaknesses of different schemes. We conclude that the abstract stack model proposed by D. Wagner and D. Dean (see Proc. IEEE Symp. on Security and Privacy, 2001) shows the best performance in detecting various types of attacks, while it suffers from substantial runtime overhead owing to its non-deterministic nature. In a recently published approach utilizing code instrumentation, J.T. Giffin et al. (see Proc. NDSS Conf., 2004) minimize the runtime overhead while approaching the detection capability of the abstract stack model.
- Published
- 2004