System call information has been one of the most important sources of evidence for intrusion detection and forensic analysis research over the last several years. This paper focuses on extracting system call information, in the form of the system call identifier, from within the VFS layer of the Linux kernel. Treating the kernel as a trusted computing base, the issues of accurate and authentic extraction of file timestamp metadata have been addressed in Das et al. 2012. In this research, we propose a method to extract the system call identifier from the kernel stack, with the intention of strengthening the file timestamp metadata log with the identifier of the system call for which that log entry is taken. This ensures a tightly coupled correlation, established from within the kernel, between the extraction of file timestamps and the identification of the event responsible for the access.