Intrusion detection by monitoring system calls with POSIX capabilities

Takahiro Haruyama*, Hidenori Nakazato, Hideyoshi Tominaga

*Corresponding author for this work

Research output: Article, peer-reviewed

Abstract

Existing anomaly intrusion detection that monitors system calls has two problems: a large number of false positives, and a lack of risk information when a detection occurs. To solve both problems, we propose an intrusion detection method called "Callchains." Callchains reduces the false positives of existing anomaly intrusion detection by restricting monitoring to activities that exercise the process capabilities prescribed by POSIX 1003.1e. Additionally, Callchains provides the administrator with information on which POSIX capabilities were used during system call execution, as an indicator of risk. This paper presents the design of Callchains, its implementation, and experimental results comparing Callchains with existing approaches.

Original language: English
Pages (from-to): 2646-2654
Number of pages: 9
Journal: IEICE Transactions on Communications
Volume: E90-B
Issue number: 10
DOI
Publication status: Published - 2007

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Electrical and Electronic Engineering
