Title :
Intrusion Detection Using a PCB and IP address
Author :
Park, JangSu ; Ahn, Byoungchul ; Cho, Haengrae
Author_Institution :
Yeungnam Univ., Gyungsan
Abstract :
It is typical to patch vulnerable code after incidents occur. It requires a lot of time and effort to recover from system damage caused by intrusions. It is necessary to detect and block intrusions by boosting the durability of systems. This paper proposes a robust method to prevent intrusions by a self-monitoring intrusion system instead of system administrators in Linux systems. This method, IDIP, monitors every newly scheduled process and checks the intrusion possibilities using the IP information of processes. It might be implemented in the kernel and a user-space process. The proposed method is implemented and tested on Linux, monitors the root-privileged processes and increases the level of system security. To test the proposed method, exploit codes are used to attack the vulnerable programs. Although the proposed method is implemented on a Linux system, it is applicable to other operating systems.
Keywords :
Linux; security of data; IP information; Linux system; block intrusions; intrusion detection; patch vulnerability codes; self-monitoring intrusion system; Boosting; Buffer overflow; Computer crime; Information security; Internet; Intrusion detection; Kernel; Linux; Operating systems; Robustness;
Conference_Title :
Communications, Computers and Signal Processing, 2007. PacRim 2007. IEEE Pacific Rim Conference on
Conference_Location :
Victoria, BC
Print_ISBN :
978-1-4244-1189-4
Electronic_ISBN :
1-4244-1190-4
DOI :
10.1109/PACRIM.2007.4313216