Using internal sensors for computer intrusion detection
We introduce the concept of using internal sensors to perform intrusion detection in computer systems. We show its practical feasibility and discuss its characteristics and the related design and implementation issues.

We introduce a classification of data collection mechanisms for intrusion detection systems. At a conceptual level, these mechanisms are classified as direct and indirect monitoring. At a practical level, direct monitoring can be implemented using external or internal sensors. Internal sensors provide advantages with respect to reliability, completeness, timeliness and volume of data, in addition to efficiency and resistance against attacks.

We introduce an architecture called ESP as a framework for building intrusion detection systems based on internal sensors. We describe in detail a prototype implementation based on the ESP architecture and introduce the concept of embedded detectors as a mechanism for localized data reduction. Our implementation shows that it is possible to build both specific (specialized for a certain intrusion) and generic (able to detect different types of intrusions) detectors.

Performance testing of the ESP implementation shows the impact that embedded detectors can have on a computer system. Detection testing shows that embedded detectors have the capability of detecting a significant percentage of new attacks.
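The following C program is an added illustration of the two ideas in the abstract, an internal sensor embedded in the monitored code path and embedded detectors that perform localized data reduction; it is not code from the ESP prototype or the thesis. Names such as handle_request, note_failure, report and the threshold and buffer sizes are assumptions made for the example, and the request trace it replays is constructed. A specific detector sits exactly where an oversized path would overflow a fixed buffer and recognises that one condition; a generic detector counts failures of any kind per source and reports only when a threshold is crossed. The point to watch is the ratio of calls on the instrumented path to alerts leaving it: an external sensor reading a log would have to see every call, while the embedded detectors emit only the two events worth acting on.

```c
#include <stdio.h>
#include <string.h>

/*
 * Added example: embedded detectors as internal sensors.
 * Everything below (names, sizes, threshold) is assumed for illustration
 * and is not the ESP prototype's API.
 */

#define MAX_ALERTS     16
#define NSRC           8     /* number of request sources we track */
#define FAIL_THRESHOLD 3     /* generic detector fires at this many failures */
#define PATH_BUF       32    /* fixed buffer the specific detector protects */

static char alerts[MAX_ALERTS][96];
static int  nalerts;
static long calls_seen;          /* every invocation of the instrumented path */
static int  failures[NSRC];      /* per-source failure counts (generic detector) */

/* Only alerts leave the component: this is the localized data reduction. */
static void report(const char *kind, int src, const char *detail) {
    if (nalerts < MAX_ALERTS)
        snprintf(alerts[nalerts++], sizeof alerts[0], "%s src=%d %s", kind, src, detail);
}

/* Generic detector: independent of the failure's cause, it reports a source
   once that source has failed FAIL_THRESHOLD times. */
static void note_failure(int src) {
    if (src < 0 || src >= NSRC) return;
    if (++failures[src] == FAIL_THRESHOLD)
        report("generic", src, "repeated failures");
}

/* Instrumented service routine. Returns 0 on success, -1 on rejection. */
int handle_request(int src, const char *path) {
    char buf[PATH_BUF];
    calls_seen++;
    /* Specific detector: embedded at the exact point where an overflow would
       occur, it recognises one attack pattern (an oversized path). */
    if (strlen(path) >= sizeof buf) {
        report("specific", src, "oversized path");
        note_failure(src);
        return -1;
    }
    strcpy(buf, path);                    /* safe: length checked above */
    if (strncmp(buf, "/ok/", 4) != 0) {   /* ordinary application failure */
        note_failure(src);
        return -1;
    }
    return 0;
}

void sensors_reset(void) {
    nalerts = 0;
    calls_seen = 0;
    memset(failures, 0, sizeof failures);
}
int  alert_count(void)        { return nalerts; }
long calls_total(void)        { return calls_seen; }
const char *alert_at(int i)   { return (i >= 0 && i < nalerts) ? alerts[i] : ""; }

/* Replay a constructed request trace and return the number of alerts emitted. */
int run_sample(void) {
    static const struct { int src; const char *path; } trace[] = {
        {1, "/ok/index"},
        {2, "/ok/status"},
        {3, "/bad"}, {3, "/nope"}, {3, "/etc/passwd"},   /* three failures from src 3 */
    };
    char longpath[PATH_BUF + 16];                        /* constructed oversized path */
    sensors_reset();
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++)
        handle_request(trace[i].src, trace[i].path);
    memset(longpath, 'a', sizeof longpath - 1);
    longpath[sizeof longpath - 1] = '\0';
    memcpy(longpath, "/ok/", 4);                         /* valid prefix, too long overall */
    handle_request(1, longpath);
    return nalerts;
}

int main(void) {
    int n = run_sample();
    printf("%ld calls on the instrumented path, %d alerts emitted\n", calls_total(), n);
    for (int i = 0; i < n; i++)
        printf("  %s\n", alert_at(i));
    return 0;
}
```

Running it replays six requests and emits two alerts: the generic detector fires on the third failure from source 3, and the specific detector fires on the oversized path from source 1, which also counts as that source's first failure without reaching the threshold. The specific detector costs one strlen per call on the protected path, which is the kind of per-call overhead the abstract's performance testing measures.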