A.A. Abimbola
NetHost-sensor: Monitoring a target host's application via system calls
Abimbola, A.A.; Munoz, J.M.; Buchanan, W.J.
Abstract
Intrusion detection has emerged as an important approach to network, host and application security. Network security includes analysing network packet payload and other inert network packet profiles for intrusive trends, whereas host security may employ system logs for intrusion detection. In this paper, we contribute to the research community by tackling application security and attempt to detect intrusion via differentiating normal and abnormal application behaviour. A method for anomaly intrusion detection for applications is proposed based on deterministic system call traces derived from a monitored target application's dynamic link libraries (DLLs). We isolate associated DLLs of a monitored target application, log system call traces of the application in real time, and use a heuristic method to detect intrusion before the application is fully compromised. Our investigative research experiment methodology and set-up are reported, alongside our experimental procedure and results that show our research effort is effective and efficient, and can be used in practice to monitor a target application in real time.
Journal Article Type | Article |
---|---|
Publication Date | 2006-01 |
Deposit Date | May 21, 2008 |
Journal | Information Security Technical Report |
Print ISSN | 1363-4127 |
Publisher | Elsevier |
Peer Reviewed | Peer Reviewed |
Volume | 11 |
Issue | 4 |
Pages | 166-175 |
DOI | https://doi.org/10.1016/j.istr.2006.10.003 |
Keywords | Intrusion detection; Network; Host; Application security; Dynamic link libraries; System calls |
Public URL | http://researchrepository.napier.ac.uk/id/eprint/1834 |
Publisher URL | http://dx.doi.org/10.1016/j.istr.2006.10.003 |