Advertisement

SoIDPS: Sensor Objects-Based Intrusion Detection and Prevention System and Its Implementation

  • SeongJe Cho
  • Hye-Young Chang
  • HongGeun Kim
  • WoongChul Choi
Conference paper
  • 191 Downloads
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3802)

Abstract

In this paper, we propose an intrusion detection and prevention system using sensor objects that are a kind of trap and are accessible only by the programs that are allowed by the system. Any access to the sensor object by disallowed programs or any transmission of the sensor object to outside of the system is regarded as an intrusion. In such case, the proposed system logs the related information on the process as well as the network connections, and terminates the suspicious process to prevent any possible intrusion. By implementing the proposed method as Loadable Kernel Module (LKM) in the Linux, it is impossible for any process to access the sensor objects without permission. In addition, the security policy will be dynamically applied at run time. Experimental results show that the security policy is enforced with negligible overhead, compared to the performance of the unmodified original system.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Ranum, M.J.: Experiences Benchmarking Intrusion Detection Systems, NFR Security Technical Publications (December 2001), http://www.nfr.com
  2. 2.
    Understanding Heuristics: Symantec’s Bloodhound Technology. Symantec White Paper Series Volume XXXIVGoogle Scholar
  3. 3.
    ISO/IEC WD 18043 (SC 27 N 3180): Guidelines for the implementation, operation and management of intrusion detection systems (IDS) (04-26-2002) Google Scholar
  4. 4.
    Lindqvist, U., Porras, P.: Detecting Computer and Network Misuse through the Production-Based Expert System Toolset (P-BEST). In: Proceedings of the Symposium on Security and Privacy (1999)Google Scholar
  5. 5.
    Kumar, S., Spafford, E.H.: A Pattern Matching Model for Misuse Intrusion Detection. In: Proceedings of the 17th National Computer Security Conference (1994)Google Scholar
  6. 6.
    Michael, C.C., Ghosh, A.: Simple, state-based approaches to program-based anomaly detection. ACM Transactions on Information and System Security 5(3) (2002)Google Scholar
  7. 7.
    Stolfo, S.J., et al.: Anomaly Detection in Computer Security and an Application to File System Accesses. In: Proceedings of 15th International Symposium of Foundations of Intelligent Systems (2005)Google Scholar
  8. 8.
    Sekar, R., et al.: Intrusion Detection: Specification-based anomaly detection: a new approach for detecting network intrusions. In: Proceedings of the 9th ACM conference on Computer and communications security (2002)Google Scholar
  9. 9.
    Sekar, R., Uppuluri, P.: Synthesizing Fast Intrusion Prevention/Detection Systems from High-Level Specifications. In: Proceedings of USENIX Security Symposium (1999)Google Scholar
  10. 10.
    Charras, C., Lecroq, T.: Handbook of Exact String-Matching Algorithms, http://www-igm.univ-mlv.fr/~lecroq/biblio_en.html
  11. 11.

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • SeongJe Cho
    • 1
  • Hye-Young Chang
    • 1
  • HongGeun Kim
    • 2
  • WoongChul Choi
    • 3
  1. 1.Division of Information and Computer ScienceDanKook University 
  2. 2.Korea Information Security Agency 
  3. 3.Department of Computer ScienceKwangWoon University 

Personalised recommendations