DocumentCode :
2077968
Title :
A study of host-based IDS using system calls
Author :
Yasin, M.M. ; Awan, Awais A.
Author_Institution :
Fac. of Comput. Sci. & Eng., Ghulam Ishaq Khan Inst., Topi, Pakistan
fYear :
2004
fDate :
11-13 June 2004
Firstpage :
36
Lastpage :
41
Abstract :
Intrusion detection systems (IDS) are complementary to other security mechanisms such as access control and authentication. While signature-based IDS are limited to known attacks only, anomaly-based IDS are capable of detecting novel attacks. However, anomaly-based systems usually trade performance for efficiency. We analyze various anomaly-based IDS and list the strengths and weaknesses of different schemes. We conclude that the abstract stack model proposed by D. Wagner and D. Dean (see Proc. IEEE Symp. on Security and Privacy, 2001) shows best performance in detecting various types of attacks, while it suffers from substantial runtime overhead owing to its nondeterministic nature. In a recently published approach utilizing code instrumentation, J.T. Giffin et al. (see Proc. NDSS Conf., 2004) minimize the runtime overhead while approaching the detection capability of the abstract stack model.
Keywords :
computer networks; security of data; telecommunication security; abstract stack model; access control; anomaly based IDS; authentication; code instrumentation; host-based IDS; intrusion detection systems; runtime overhead; security mechanisms; system calls; Access control; Authentication; Computer bugs; Computer science; Computer security; Design engineering; Information security; Information systems; Intrusion detection; Runtime;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Networking and Communication Conference, 2004. INCC 2004. International
Print_ISBN :
0-7803-8325-7
Type :
conf
DOI :
10.1109/INCC.2004.1366573
Filename :
1366573