Using System Call Information to Reveal Hidden Attack Manifestations
Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
2010 (English) Conference paper (Refereed)
Abstract

We investigate how system call-based intrusion detectors can be made more resistant against mimicry attacks. We show that by including extra information such as system call arguments, return values, and identity of the user responsible for the calls, the attackers' options of constructing successful attacks are significantly reduced, in particular with respect to the use of no-op system calls. For our investigation, we add extra information to two system call-based detection algorithms, one distance-based and one sequence-based, that normally operate on system call names only. We then create two mimicry attacks which avoid detection by the original detectors but are revealed when the extra information is used. Our investigation shows that by providing the extra information to the detector, the attackers' options of constructing successful and undetected attacks decrease drastically.

Place, publisher, year, edition, pages
Piscataway, NJ, USA: IEEE, 2010.
National Category
Computer Science
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-11056
ISBN: 9788299710510 (print)
OAI: oai:DiVA.org:kau-11056
DiVA: diva2:494621
Conference
Post-Proceedings of the 1st International Workshop on Security and Communication Networks (IWSCN 2009)
Available from: 2012-02-08 Created: 2012-02-08 Last updated: 2013-06-12 Bibliographically approved

Open Access in DiVA

No full text

Other links

http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=5683048

Search in DiVA

By author/editor
Lindskog, Stefan