Abstract | ||
---|---|---|
In this paper we propose a new strategy for dealing with the impossible path execution (IPE) and the mimicry attack in the N-gram based HIDS model. Our strategy is based on a kernel-level module which interacts with an underlying HIDS and whose main scope is to "randomize" sequences of system calls produced by an application to make them unpredictable by any attacker We implemented a prototype of such a module on a Linux system in order to experimentally verify the feasibility and efficacy of our idea. The results obtained are quite encouraging, furthermore it turned out that our module is quite efficient, as it affected the performance of a testbed web server with a slowdown factor of only 5.9%. |
Year | DOI | Venue |
---|---|---|
2007 | 10.1109/PCCC.2007.358922 | 2007 IEEE INTERNATIONAL PERFORMANCE COMPUTING AND COMMUNICATIONS CONFERENCE, VOLS 1 AND 2 |
Keywords | Field | DocType |
random sequence,internet,prototypes,web server,host intrusion detection system,intrusion detection,hids,testing,linux | Host-based intrusion detection system,Computer science,Telecommunication security,Testbed,Computer network,Mimicry,Operating system,The Internet,Web server | Conference |
ISSN | Citations | PageRank |
1097-2641 | 8 | 0.53 |
References | Authors | |
9 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Danilo Bruschi | 1 | 771 | 70.35 |
Lorenzo Cavallaro | 2 | 886 | 52.85 |
Andrea Lanzi | 3 | 845 | 40.99 |