Yue Shen,Fei Yu,Ling-Fen Zhang,Ji-Yao An,Miao-Liang Zhu

DOI: https://doi.org/10.1109/CANET.2005.1598184

2005-01-01

Abstract:Intrusion detection is an efficient way to protect information system. This paper puts forward a new method of anomalous intrusion detection based on system call. It uses system calls regarded as input, and creates a FSA for the functions in the program. Then the FSA is used to detect the attack. Moreover, It can find the place of the vulnerability which exists in the program. This can help to alter the source program. Results are shown that this method is effective for some intrusion events.

ZHANG Jun,SU Pu-rui,FENG Deng-guo

2006-01-01

Journal of Computer Applications

Abstract:The technology of Intrusion Detection is one of the important measures to protect the networks.Host-based intrusion detection is used to protect the key hosts.A flexible loading intrusion detection based on system-call was introduced in this paper.This system improved the common data collection method,and adopted virtual equipment driversto acquire system call.This method brings small influence on system,is easy to load and unload,and provides the standard interface. The data analysis integrates the two detection methods: anomaly and misuse,which provides corresponding detection models and introduces the noise filtering function.

Yong-mei GAO,Ji-yi WU,Ling-di PING

DOI: https://doi.org/10.3969/j.issn.1673-629X.2009.08.039

2009-01-01

Abstract:Owing to many new characteristics such as central-less control and multi-hop communication,the security situation is more rigorous than that in the traditional Ad hoc network.Especially,when the number of nodes increase,the difficulty of building network,network availability and network security will be influenced badly.After the particular analysis of Sergio Marti's Watchdog and Pathrater arithmetic,intrusion detection system called SuperWatchdog,as the improved solution,was introduced to overcome the weakness of Watchdog.The main feature of the proposed system is its ability to discover malicious nodes which can partition the network by falsely reporting other nodes as misbehaving and then proceeds to protect the network.Simulation results show that our system decrease the overhead greatly,though it does not increase the throughput obviously.

Ming Liu,Zhi Xue,Xianghua Xu,Changmin Zhong,Jinjun Chen

DOI: https://doi.org/10.1145/3214304

2019-01-01

Abstract:In a contemporary data center, Linux applications often generate a large quantity of real-time system call traces, which are not suitable for traditional host-based intrusion detection systems deployed on every single host. Training data mining models with system calls on a single host that has static computing and storage capacity is time-consuming, and intermediate datasets are not capable of being efficiently handled. It is cumbersome for the maintenance and updating of host-based intrusion detection systems (HIDS) installed on every physical or virtual host, and comprehensive system call analysis can hardly be performed to detect complex and distributed attacks among multiple hosts. Considering these limitations of current system-call-based HIDS, in this article, we provide a review of the development of system-call-based HIDS and future research trends. Algorithms and techniques relevant to system-call-based HIDS are investigated, including feature extraction methods and various data mining algorithms. The HIDS dataset issues are discussed, including currently available datasets with system calls and approaches for researchers to generate new datasets. The application of system-call-based HIDS on current embedded systems is studied, and related works are investigated. Finally, future research trends are forecast regarding three aspects, namely, the reduction of the false-positive rate, the improvement of detection efficiency, and the enhancement of collaborative security.

Ming Liu,Zhi Xue,Xianghua Xu,Changmin Zhong,Jinjun Chen

DOI: https://doi.org/10.1145/3214304

IF: 16.6

2019-01-01

ACM Computing Surveys

Abstract:In a contemporary data center, Linux applications often generate a large quantity of real-time system call traces, which are not suitable for traditional host-based intrusion detection systems deployed on every single host. Training data mining models with system calls on a single host that has static computing and storage capacity is time-consuming, and intermediate datasets are not capable of being efficiently handled. It is cumbersome for the maintenance and updating of host-based intrusion detection systems (HIDS) installed on every physical or virtual host, and comprehensive system call analysis can hardly be performed to detect complex and distributed attacks among multiple hosts. Considering these limitations of current system-call-based HIDS, in this article, we provide a review of the development of system-call-based HIDS and future research trends. Algorithms and techniques relevant to system-call-based HIDS are investigated, including feature extraction methods and various data mining algorithms. The HIDS dataset issues are discussed, including currently available datasets with system calls and approaches for researchers to generate new datasets. The application of system-call-based HIDS on current embedded systems is studied, and related works are investigated. Finally, future research trends are forecast regarding three aspects, namely, the reduction of the false-positive rate, the improvement of detection efficiency, and the enhancement of collaborative security.

WU Qing-tao,SHAO Zhi-qing

DOI: https://doi.org/10.3969/j.issn.1001-3695.2005.12.004

2005-01-01

Abstract:Intrusion detection,as one of the most active and important network security technology,can compensate the shortcomings of traditional security protection measure.Through building dynamic security cycle,it can promote the protection capacity of system and reduce the security threats as great as possible. An overview of basic issues on intrusion detection is shown in this paper,which is involved with three main aspects of intrusion detection,including Intrusion Detection System(IDS) architecture,intrusion detection methods and IDS evaluation.Firstly,three kinds of IDS architectures are analyzed.Then,current intrusion detection models are given,and their merits or shortcomings are discussed in detail.Finally,some future promi￣sing directions are presented.

Haojin Zhu

2007-01-01

Abstract:Monitoring program behavior is one of the highlighted research topics of host-based anomaly detection recently.The key is to construct a program behavior-based anomaly detection model.Some existing anomaly detection techniques based on system call sequences are analyzed and discussed in this paper.They are compared from three dimensions: the information extracted from system call,the system call level used in anomaly detection and the information recorded by anomaly detector.Future work in this direction is also presented.

Ling DONG,Hongli ZHANG,Lin YE

DOI: https://doi.org/10.3969/j.issn.2095-2163.2014.04.004

2014-01-01

Abstract:System calls are the interface between operating system and user programs.Execution of each program must use some system calls.In recent years,network security incidents occur frequently,intrusion detection method based on the system call sequence analysis has become one of the hot network security technology researches.This paper presents a multi-layer model of program behaviours based on both hidden Markov models and enumerating methods,which differs from the conventional single layer approach.On experimental data provided by the University of New Mexico,experimental results have shown that the model is better in detecting anomalous behaviour of programs in terms of accuracy and response time, which indicates that this method is suitable for online host -based intrusion detection systems.

DAI Hang,ZHANG Xin-Jia,ZOU Yi-Xin

2006-01-01

Microprocessors

Abstract:By analyzing the tradition intrusion detection system,we propose the mobile agent-based intrusion detection system by introducing mobile agent theory.The system construction and working flow are devised in the paper.The result tells us IDS based on mobile agent is effective.

Ansam Khraisat,Iqbal Gondal,Peter Vamplew,Joarder Kamruzzaman

DOI: https://doi.org/10.1186/s42400-019-0038-7

2019-07-17

Abstract:Cyber-attacks are becoming more sophisticated and thereby presenting increasing challenges in accurately detecting intrusions. Failure to prevent the intrusions could degrade the credibility of security services, e.g. data confidentiality, integrity, and availability. Numerous intrusion detection methods have been proposed in the literature to tackle computer security threats, which can be broadly classified into Signature-based Intrusion Detection Systems (SIDS) and Anomaly-based Intrusion Detection Systems (AIDS). This survey paper presents a taxonomy of contemporary IDS, a comprehensive review of notable recent works, and an overview of the datasets commonly used for evaluation purposes. It also presents evasion techniques used by attackers to avoid detection and discusses future research challenges to counter such techniques so as to make computer systems more secure.

computer science, information systems, interdisciplinary applications, software engineering

Liu Hua Yeo,Xiangdong Che,Shalini Lakkaraju

DOI: https://doi.org/10.48550/arXiv.1708.07174

2017-08-23

Cryptography and Security

Abstract:Intrusion detection systems (IDS) help detect unauthorized activities or intrusions that may compromise the confidentiality, integrity or availability of a resource. This paper presents a general overview of IDSs, the way they are classified, and the different algorithms used to detect anomalous activities. It attempts to compare the various methods of intrusion techniques. It also describes the various approaches and the importance of IDSs in information security.

Panhong Wang,Liang Shi,Beizhan Wang,Yuanqin Wu

DOI: https://doi.org/10.1109/ICCSE.2010.5593839

2010-01-01

Abstract:Intrusion detection based on System calls is a very important domain of anomaly detection, this paper firstly introduces the basic idea of Hidden Markov Model (HMM) based intrusion detection, and then expounds its current development with comparisons about the merits and shortcomings to the current mainstream technologies, by the way, presenting some further discussions upon the future direction of the HMM-based intrusion detection.

徐漫江,曹元大

DOI: https://doi.org/10.3969/j.issn.1001-0645.2004.04.017

2004-01-01

Abstract:Correlation between system calls at different positions is defined based on local theory of programming. A fuzzy matching method, which works between the real system call serial and normal system call serial is presented, using the correlation defined. This method can be used to judge whether the program is running normally and therefore used for intrusion detection. A host based intrusion detection system using the method described above is presented and its system structure, as well as the relation among modules, principle and design of the module are given in detail. A test-bed was used to test the intrusion detection system and the test results used to show the validity of the method.

Shi Pu,Bo Lang

DOI: https://doi.org/10.1007/978-3-540-74171-8_65

2007-01-01

Abstract:System call sequences are useful criteria to judge the behaviors of processes. How to generate an efficient matching algorithm and how to build up an implementable system are two of the most difficult problems. In this paper, we explore the possibility of extending consecutive system call to incorporate temporal signature to the Host-based Intrusion Detection System. In this model, we use the real-time detected system call sequences and their consecutive time interval as the data source, and use temporal signature to filter the real model. During the monitoring procedure, we use data mining methods to analyze the source dynamically and implement incremental learning mechanism. Through studying small size samples and incremental learning, the detecting ability of the system can be still good when the sample's size is small. This paper also introduces the key technologies to build such a system, and verifies this intrusion detection method in real time environment. Finally, this paper gives the experiments results to verify the availability and efficiency of our system.

王泽芳,陈小平,史烈

DOI: https://doi.org/10.3969/j.issn.1000-3428.2002.11.055

2002-01-01

Abstract:Intrustion detection system is very important in computer security.The article introduces the idea of intrusion detection based on system-call monitoring under Linux and the design of the corresponding model.

WANG Jun,WANG Chong-Jun,XIE Jun-Yuan,CHEN Shi-Fu

DOI: https://doi.org/10.3969/j.issn.1002-137x.2006.12.017

2006-01-01

Computer Science

Abstract:Intrusion detection is a proactive network security protection mechanism, which has become a research focus in the field of the network security. Since the Agent-based intrusion detection systems have the features of the distributed coordination processing and intelligence, many researchers attach great importance to it and it has become a research trend for the next generation intrusion detection systems. In this paper, we first introduce the history of the intrusion detection systems (IDS)and its classifications. And then some recent research development that related to the key aspects of static Agent-based intrusion detection systems and mobile Agent-based intrusion detections systems are deeply explored. And their development treads are also given. In the end, we present some possible research directions and challenges for Agent-based intrusion detection systems.

王文奇,郑秋生,吴婷,李伟华

DOI: https://doi.org/10.16208/j.issn1000-7024.2008.14.070

2008-01-01

Abstract:At present intrusion detection system(IDS) in high-speed network is a main point in security domain.The main problem and various restricted factors IDS faced in high-speed network is analyzed,and involved researches such as zero-copy technique and fast pattern matching model is introduced too.Finally,the distributed intrusion detection system based data-distribution is figured out as a good measure,and some remaining problems and emerging trends in this area is presented.

ZHAO Yu-ming,ZHANG Wei,teng SH

2007-01-01

Abstract:The technique of intrusion detection has become a focus in the field ofnetwork security. This paper introduced the categories of intrusion detection and the methods of data mining applied in abnormal detection. It also described the design and implementation of the abnormal IDS based on system call and data mining algorithms.