• DocumentCode
    1960508
  • Title

    Robust Host Anomaly Detector Using Strong Isolation

  • Author

    Xinguang, Peng ; Yanyan, Zhang

  • Author_Institution
    Dept. of Comput. Sci. & Technol., Taiyuan Univ. of Technol., Taiyuan
  • Volume
    3
  • fYear
    2008
  • fDate
    12-14 Dec. 2008
  • Firstpage
    575
  • Lastpage
    578
  • Abstract
    Current operating systems are becoming increasingly large and complex, and a great many vulnerabilities and hidden risks exist. A host-based intrusion detector is more subject to attack than network-based intrusion detection because operating systems provide poor isolation. An alternative architecture and method for a host anomaly detector are proposed, making use of the SKAS mode of the User Mode Linux Virtual Machine Monitor to enhance the survivability and robustness of the system-call anomaly detector. Even if attackers have gained unauthorized access to system services, it is impossible for them to gain access to the anomaly detector because of strong space isolation. The primary experiments show that the robustness, survivability and anomaly-discriminating capability of the host-based intrusion detector are improved.
  • Keywords
    Linux; security of data; virtual machines; anomaly detector; intrusion detection; operating systems; user mode Linux virtual machine monitor; Computer architecture; Computer science; Detectors; Hardware; Intrusion detection; Isolation technology; Operating systems; Robustness; Virtual machine monitors; Virtual machining; anomaly detection; robustness; system calls; system security; virtual machine;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computer Science and Software Engineering, 2008 International Conference on
  • Conference_Location
    Wuhan, Hubei
  • Print_ISBN
    978-0-7695-3336-0
  • Type

    conf

  • DOI
    10.1109/CSSE.2008.993
  • Filename
    4722409