Host based attack detection using system calls

Authors:
Jestin Joy;Anita John
Affiliations:
Federal Institute of Science and Technology, Cochin, Kerala, India;Rajagiri School of Engineering and Technology, Cochin, Kerala, India
Venue:
Proceedings of the Second International Conference on Computational Science, Engineering and Information Technology
Year:
2012

Citing 10
Cited 0

The design and implementation of tripwire: a file system integrity checker

CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
A Methodology to Detect and Characterize Kernel Level Rootkit Exploits Involving Redirection of the System Call Table

IWIA '04 Proceedings of the Second IEEE International Information Assurance Workshop (IWIA'04)
A Methodology to Detect and Characterize Kernel Level Rootkit Exploits Involving Redirection of the System Call Table

IWIA '04 Proceedings of the Second IEEE International Information Assurance Workshop (IWIA'04)
Detecting Kernel-Level Rootkits Through Binary Analysis

ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Detecting Stealth Software with Strider GhostBuster

DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
Detecting and Categorizing Kernel-Level Rootkits to Aid Future Detection

IEEE Security and Privacy
Anomalous system call detection

ACM Transactions on Information and System Security (TISSEC)
Automated detection of persistent kernel control-flow attacks

Proceedings of the 14th ACM conference on Computer and communications security
Countering kernel rootkits with lightweight hook protection

Proceedings of the 16th ACM conference on Computer and communications security
A sense of self for Unix processes

SP'96 Proceedings of the 1996 IEEE conference on Security and privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

As the dependence on network increased for accessing information, attackers targeted it for extracting information. Securing information in a networked environment became a challenge. Security systems can be employed in the host or in the network itself as a standalone entity. Host based detection systems can be broadly classified into either anomaly detection or misuse detection. Host based methods are more popular due to the low, cost and processing overhead involved, as compared to other mechanisms like virtualisation based detection. Due to its effectiveness, attackers now manipulate system calls for initiating an attack. Rootkits are the best example of these type of attacks. Kernel level rootkits manipulate system calls by different means to hide its existence. We used host based detection mechanism, where a Linux kernel module is used to extract information from the kernel. Our work proposes an efficient host based detection mechanism using unsupervised learning mechanism in a Linux based system.