Abstract
In this paper, we propose an intrusion detection and prevention system using sensor objects that are a kind of trap and are accessible only by the programs that are allowed by the system. Any access to the sensor object by disallowed programs or any transmission of the sensor object to outside of the system is regarded as an intrusion. In such case, the proposed system logs the related information on the process as well as the network connections, and terminates the suspicious process to prevent any possible intrusion. By implementing the proposed method as Loadable Kernel Module (LKM) in the Linux, it is impossible for any process to access the sensor objects without permission. In addition, the security policy will be dynamically applied at run time. Experimental results show that the security policy is enforced with negligible overhead, compared to the performance of the unmodified original system.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Ranum, M.J.: Experiences Benchmarking Intrusion Detection Systems, NFR Security Technical Publications (December 2001), http://www.nfr.com
Understanding Heuristics: Symantec’s Bloodhound Technology. Symantec White Paper Series Volume XXXIV
ISO/IEC WD 18043 (SC 27 N 3180): Guidelines for the implementation, operation and management of intrusion detection systems (IDS) (04-26-2002)
Lindqvist, U., Porras, P.: Detecting Computer and Network Misuse through the Production-Based Expert System Toolset (P-BEST). In: Proceedings of the Symposium on Security and Privacy (1999)
Kumar, S., Spafford, E.H.: A Pattern Matching Model for Misuse Intrusion Detection. In: Proceedings of the 17th National Computer Security Conference (1994)
Michael, C.C., Ghosh, A.: Simple, state-based approaches to program-based anomaly detection. ACM Transactions on Information and System Security 5(3) (2002)
Stolfo, S.J., et al.: Anomaly Detection in Computer Security and an Application to File System Accesses. In: Proceedings of 15th International Symposium of Foundations of Intelligent Systems (2005)
Sekar, R., et al.: Intrusion Detection: Specification-based anomaly detection: a new approach for detecting network intrusions. In: Proceedings of the 9th ACM conference on Computer and communications security (2002)
Sekar, R., Uppuluri, P.: Synthesizing Fast Intrusion Prevention/Detection Systems from High-Level Specifications. In: Proceedings of USENIX Security Symposium (1999)
Charras, C., Lecroq, T.: Handbook of Exact String-Matching Algorithms, http://www-igm.univ-mlv.fr/~lecroq/biblio_en.html
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cho, S., Chang, HY., Kim, H., Choi, W. (2005). SoIDPS: Sensor Objects-Based Intrusion Detection and Prevention System and Its Implementation. In: Hao, Y., et al. Computational Intelligence and Security. CIS 2005. Lecture Notes in Computer Science(), vol 3802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596981_38
Download citation
DOI: https://doi.org/10.1007/11596981_38
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30819-5
Online ISBN: 978-3-540-31598-8
eBook Packages: Computer ScienceComputer Science (R0)