We investigate how system call-based intrusion detectors can be made more resistant against mimicry attacks. We show that by including extra information such as system call arguments, return values, and identity of the user responsible for the calls, the attacker's options of constructing successful attacks are significantly reduced, in particular with respect to the use of no-op system calls. For our investigation, we add extra information to two system call-based detection algorithms - one distance-based and one sequence-based - that normally operate on system call names only. We then create two mimicry attacks which avoid detection by the original detectors but are revealed when the extra information is used. Our investigation shows t...
Intrusion detection systems rely on a wide variety of observable data to distinguish between legitim...
Many host-based anomaly detection systems monitor a process ostensibly running a known program by ob...
We investigate how system call-based detection mechanisms can be made more resistant against mimicry...
Host-based intrusion detection systems monitor systems in operation for significant deviations from ...
Beginning with the work of Forrest et al, several researchers have developed intrusion detection tec...
Intrusion detection systems that monitor sequences of system calls have recently become more sophist...
In cyber security, engineers need to devise ways to protect their systems from hackers. One of the w...
Intrusion Detection Systems (IDSs) that operate on the principle of system call monitoring are known...
An intrusion detection system (IDS) aims at signalling an alarm for every activity that compromise...
This paper presents a novel anomaly detection approach that takes into account the information conta...