1,022 Hits in 4.0 sec

Mimicry attacks on host-based intrusion detection systems

David Wagner, Paolo Soto
2002 Proceedings of the 9th ACM conference on Computer and communications security - CCS '02  
...  Generate equivalent attacks.  ...  Replace system call parameters.  ... 
doi:10.1145/586143.586145 fatcat:f6eyw4ermzcptp6xxrjh4mc7jm

Mimicry attacks on host-based intrusion detection systems

David Wagner, Paolo Soto
2002 Proceedings of the 9th ACM conference on Computer and communications security - CCS '02  
...  Generate equivalent attacks.  ...  Replace system call parameters.  ... 
doi:10.1145/586110.586145 dblp:conf/ccs/WagnerS02 fatcat:patxtkuwjnenleeb6nvw6nnmgy

On the Use of Word Networks to Mimicry Attack Detection [chapter]

Fernando Godínez, Dieter Hutter, Raúl Monroy
2006 Lecture Notes in Computer Science  
Intrusion detection aims at raising an alarm any time the security of an IT system gets compromised. Though highly successful, Intrusion Detection Systems are all susceptible of mimicry attacks [1].  ...  A mimicry attack is a variation of an attack that attempts to pass by as normal behaviour.  ...  Regardless of which of these approaches is adopted, current Intrusion Detection Systems (IDSs) are easy to bypass with a mimicry attack.  ... 
doi:10.1007/11766155_30 fatcat:jedkrynb6fbm5kbshci26xcf64

Post-Attack Intrusion Detection using Log Files Analysis

Apurva S., Deepak R.
2015 International Journal of Computer Applications  
Intrusion detection systems are broadly classified as host based (HIDS) and network based intrusion detection systems (NIDS).  ...  In this paper a comparative study is done on different approaches for detecting intrusion on single host.  ...  Network based intrusion detection system Intrusion detection systems are broadly classified as Host based intrusion detection systems and network based intrusion detection.  ... 
doi:10.5120/ijca2015906731 fatcat:q2l6j4h25ve3zd56b6mcsc7zny

Adversarial attacks against intrusion detection systems: Taxonomy, solutions and open issues

Igino Corona, Giorgio Giacinto, Fabio Roli
2013 Information Sciences  
Intrusion Detection Systems (IDSs) are one of the key components for securing computing infrastructures. Their objective is to protect against attempts to violate defense mechanisms.  ...  To this end, we leverage on our research experience in the field of intrusion detection, as well as on a thorough investigation of the relevant related works published so far.  ...  Proactive Approaches against Mimicry Attacks: As described in Table I, in order to evade anomaly detection the adversary may craft intrusions to mimic legitimate patterns (mimicry attacks).  ... 
doi:10.1016/j.ins.2013.03.022 fatcat:gjmx55wlkbhq5cfmjcx5nh523e

A Survey of Anomaly Detection Techniques and Hidden Markov Model

Hemlata Sukhwani, Vikas Sharma, Sanjay Sharma
2014 International Journal of Computer Applications  
An Intrusion detection System is software that is used for the malicious activities performed in the network whether in wired or in wireless.  ...  be considered for the detection of intrusions.  ...  David Wagner and Paolo Soto has proposed and implemented mimicry attacks that are based on host-based intrusion detection systems.  ... 
doi:10.5120/16436-6151 fatcat:fpkdfsfcsjd53n3jhs5sukdkam

Intrusion detection and virology: an analysis of differences, similarities and complementariness

Benjamin Morin, Ludovic Mé
2007 Journal in Computer Virology  
In this paper, we analyze the differences, similarities and complementariness which exist between two major domains of nowadays information security: intrusion detection on one hand, virology and antiviruses  ...  technologies on the other hand.  ...  Host-based intrusion detection: Host-based intrusion detection systems (HIDS) take advantage of audit trails to monitor the activity of processes or users at the host level.  ... 
doi:10.1007/s11416-007-0036-2 fatcat:4brnvijahzco3jodouedfidy6a

Seurat: A Pointillist Approach to Anomaly Detection [chapter]

Yinglian Xie, Hyang-Ah Kim, David R. O'Hallaron, Michael K. Reiter, Hui Zhang
2004 Lecture Notes in Computer Science  
Based on this intuition, we have developed a method to detect similar, coincident changes to the patterns of file updates that are shared across multiple hosts.  ...  Our approach is based on a key observation that many host state transitions of interest have both temporal and spatial locality.  ...  Graph-based Intrusion Detection System (GrIDS) [29] detects intrusions by building a graph representation of network activity based on the report from all the hosts in a network.  ... 
doi:10.1007/978-3-540-30143-1_13 fatcat:mbfnm4iurfa3phyegqgndf7pby

Obfuscation of Malicious Behaviors for Thwarting Masquerade Detection Systems Based on Locality Features

Jorge Maestre Vidal, Marco Antonio Sotelo Monge
2020 Sensors  
This feature makes them susceptible to being discovered by dynamic user verification methods based on user profiling and anomaly-based intrusion detection.  ...  detection based on analyzing locality traits.  ...  Liu et al. distinguished three major groups of proposals based on the operational environment [15]: host-based, network-based and contextual-based masquerade detection systems; which are described below  ... 
doi:10.3390/s20072084 pmid:32272806 fatcat:kzwek2ag7jaqxehrvyepu3fnte

An Efficient Technique for Preventing Mimicry and Impossible Paths Execution Attacks

Danilo Bruschi, Lorenzo Cavallaro, Andrea Lanzi
2007 Performance, Computing and Communications Conference (IPCCC), IEEE International  
In this paper we propose a new strategy for dealing with the impossible path execution (IPE) and the mimicry attack in the N-gram based HIDS model.  ...  Our strategy is based on a kernel-level module which interacts with an underlying HIDS and whose main scope is to "randomize" sequences of system calls produced by an application to make them unpredictable  ...  Host-based IDSs mainly monitor operating system activities on specific hosts in order to detect intrusion attempts, while Network-based IDSs examine network traffic.  ... 
doi:10.1109/pccc.2007.358922 dblp:conf/ipccc/BruschiCL07 fatcat:cursxhlpo5aljfkzdx47plzv3e

Intrusion Detection using Hidden Markov Model

Sanjay Kumar Sharma, Manish Manoria
2015 International Journal of Computer Applications  
Also examines proposals incorporating Intrusion Detection Systems (IDS) in Cloud and types of attacks.  ...  In this paper, different intrusion detection and prevention techniques are studies which affect availability, confidentiality and integrity of Cloud resources and services.  ...  Reiter and Dawn Song proposed [2] Novel HMM based behavioral distance to detect carefully crafted mimicry attacks that would evade detection by a system that utilizes traditional host-based anomaly detection  ... 
doi:10.5120/20142-2264 fatcat:7yye4yboena2xkazskdifjuzv4

Payload Content based Network Anomaly Detection

Sandeep A. Thorat, Amit K. Khandelwal, Bezawada Bruhadeshwar, K. Kishore
2008 2008 First International Conference on the Applications of Digital Information and Web Technologies (ICADIWT)  
We present Payload Content based Network Anomaly Detection, we call as PCNAD. PCNAD is improvement to PAYL system which is considered one of the complete systems for payload based anomaly detection.  ...  PCNAD do payload based anomaly detection using initial few of these CPP partitions. We demonstrate usefulness of the PCNAD on the 1999 DARPA IDS data set.  ...  Snort [1], Bro [13] are popular example of signature based intrusion detection system. Such systems use attack detection mechanism based on signatures of already known attacks or vulnerabilities.  ... 
doi:10.1109/icadiwt.2008.4664331 fatcat:qhug6vcyu5bn5nsbavvkijt4ci

Guarded models for intrusion detection

Hassen Saïdi
2007 Proceedings of the 2007 workshop on Programming languages and analysis for security - PLAS '07  
Host-based intrusion detection systems that monitor an application execution and report any deviation from its statically built model have seen tremendous progress in recent years.  ...  However, the weakness of these systems is that they often rely on overly abstracted models that reflect only the control flow structure of programs, and therefore are subject to so-called "mimicry attacks  ...  Current state-of-the-art host-based intrusion detection systems approaches struggle with several issues. The most important one is the precision of the model.  ... 
doi:10.1145/1255329.1255345 dblp:conf/pldi/Saidi07 fatcat:phohfrsdkzelzgyyptdtxa453y

Semantic Malware Resistance Using Inductive Invariants

Rachid Rebiha, Arnaldo Moura
2010 The International Journal of Forensic Computer Science  
We propose a host-based intrusion detection system using automatically generated models, where system calls are guarded by verification with pre-computed invariants.  ...  We also show that any malware or intrusion detection system based on a static analysis method will be strongly reinforced by the possession of a database of precompiled invariants.  ...  Guarded Monitors For Host-based Intrusion Detection Systems Host-based intrusion detection systems (H-IDS) monitor specific application execution in order to report any deviation from its model of permitted  ... 
doi:10.5769/j201001005 fatcat:3m7gt7cnvbb7fdogh7ck7b3qvu

Beyond Output Voting: Detecting Compromised Replicas Using HMM-Based Behavioral Distance

D. Gao, M.K. Reiter, D. Song
2009 IEEE Transactions on Dependable and Secure Computing  
Many host-based anomaly detection techniques have been proposed to detect code-injection attacks on servers.  ...  of one of them, has been proposed for detecting mimicry attacks.  ...  Behavioral distance [25], [26] has been proposed to detect carefully crafted mimicry attacks that would evade detection by a system that utilizes traditional host-based anomaly detection or output  ... 
doi:10.1109/tdsc.2008.39 fatcat:kgi4bls2jbbxredeoww3wvj7ey
Showing results 1 — 15 out of 1,022 results