{"title":"A study of host-based IDS using system calls","authors":"M. Yasin, A.A. Awan","doi":"10.1109/INCC.2004.1366573","DOIUrl":null,"url":null,"abstract":"Intrusion detection systems (IDS) are complementary to other security mechanisms such as access control and authentication. While signature-based IDS are limited to known attacks only, anomaly-based IDS are capable of detecting novel attacks. However, anomaly-based systems usually trade performance for efficiency. We analyze various anomaly-based IDS and list the strengths and weaknesses of different schemes. We conclude that the abstract stack model proposed by D. Wagner and D. Dean (see Proc. IEEE Symp. on Security and Privacy, 2001) shows best performance in detecting various types of attacks, while it suffers from substantial runtime overhead owing to its nondeterministic nature. In a recently published approach utilizing code instrumentation, J.T. Giffin et al. (see Proc. NDSS Conf., 2004) minimize the runtime overhead while approaching the detection capability of the abstract stack model.","PeriodicalId":337263,"journal":{"name":"2004 International Networking and Communication Conference","volume":"12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2004-06-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"25","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2004 International Networking and Communication Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INCC.2004.1366573","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Intrusion detection systems (IDS) are complementary to other security mechanisms such as access control and authentication. While signature-based IDS are limited to known attacks only, anomaly-based IDS are capable of detecting novel attacks. However, anomaly-based systems usually trade performance for efficiency. We analyze various anomaly-based IDS and list the strengths and weaknesses of different schemes. We conclude that the abstract stack model proposed by D. Wagner and D. Dean (see Proc. IEEE Symp. on Security and Privacy, 2001) shows best performance in detecting various types of attacks, while it suffers from substantial runtime overhead owing to its nondeterministic nature. In a recently published approach utilizing code instrumentation, J.T. Giffin et al. (see Proc. NDSS Conf., 2004) minimize the runtime overhead while approaching the detection capability of the abstract stack model.