{"title":"Mechanisms for attack protection on a prevention framework","authors":"J. Garcia, S. Castillo, G. Navarro, J. Borrell","doi":"10.1109/CCST.2005.1594872","DOIUrl":null,"url":null,"abstract":"Current research in intrusion detection systems (IDSs), targeted towards preventing computer attacks, is mainly focused on improving detection and reaction mechanisms, without presetting the protection of the system itself. This way, if an attacker compromises the security of the detection system, she may be able to disarm the detection or reaction mechanisms, as well as delete log entries that may reveal her actions. Given this scenario, we introduce in this paper the use of an access control mechanism, embedded into the operating system's kernel, to handle the protection of the system itself once it has been compromised by an attacker","PeriodicalId":411051,"journal":{"name":"Proceedings 39th Annual 2005 International Carnahan Conference on Security Technology","volume":"12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings 39th Annual 2005 International Carnahan Conference on Security Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCST.2005.1594872","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 2
Abstract
Current research in intrusion detection systems (IDSs), targeted towards preventing computer attacks, is mainly focused on improving detection and reaction mechanisms, without presetting the protection of the system itself. This way, if an attacker compromises the security of the detection system, she may be able to disarm the detection or reaction mechanisms, as well as delete log entries that may reveal her actions. Given this scenario, we introduce in this paper the use of an access control mechanism, embedded into the operating system's kernel, to handle the protection of the system itself once it has been compromised by an attacker.