DocumentCode
3429190
Title
Intrusion Detection Using a PCB and IP address
Author
Park, JangSu ; Ahn, Byoungchul ; Cho, Haengrae
Author_Institution
Yeungnam Univ., Gyungsan
fYear
2007
fDate
22-24 Aug. 2007
Firstpage
223
Lastpage
226
Abstract
It is typical to patch vulnerability codes after incidents occur. It requires a lot of time and effort to recover system damage by intrusions. It is necessary to detect and block intrusions by boosting the durability of systems. This paper proposes a robust method to prevent intrusions by the self-monitoring intrusion system instead of system administrators in Linux system. This method, IDIP, monitors every new scheduled process and checks the intrusion possibilities using IP information of processes. It might be implemented on kernel and a user space process. The proposed method is implemented and tested on Linux, monitors the root privileged processes and increases the level of system security. To test the proposed method, exploit codes are used to attack the vulnerable programs. Although the proposed method is implemented in Linux system, it is applicable to other operating systems.
Keywords
Linux; security of data; IP information; Linux system; block intrusions; intrusion detection; patch vulnerability codes; self-monitoring intrusion system; Boosting; Buffer overflow; Computer crime; Information security; Internet; Intrusion detection; Kernel; Linux; Operating systems; Robustness;
fLanguage
English
Publisher
ieee
Conference_Titel
Communications, Computers and Signal Processing, 2007. PacRim 2007. IEEE Pacific Rim Conference on
Conference_Location
Victoria, BC
Print_ISBN
978-1-4244-1189-4
Electronic_ISBN
1-4244-1190-4
Type
conf
DOI
10.1109/PACRIM.2007.4313216
Filename
4313216
Link To Document