DESIGN OF INTRUSION DETECTION SYSTEM AT USER LEVEL WITH SYSTEM-CALL INTERPOSING

Toshihiro Tabata, Kouichi Sakurai

2004

Abstract

As computers have become widely used, software vulnerability is now one of the most serious security threats. In particular, viruses and worms that use buffer overflow vulnerabilities are serious threats to computers. Therefore, techniques to detect the execution of malicious code are required when taking measures to prevent intrusion using such software vulnerabilities. An intrusion detection system is an example of such a defence mechanism against such attacks. The improvement in both false positive and false negative ratios, together with reduction of overhead are the problems to be overcome in an intrusion detection system. This paper presents the design of a user level intrusion detection system. This system can monitor the execution of target programs at both user and kernel levels. The access control function is divided between user and kernel. Access rights may also be checked with appropriate timing and with low overhead.

References

  1. Curry, T. W. (1994). Pro ling and tracing dynamic library usage via interposition. In USENIX Summer 1994 Technical Conference.
  2. Hofmeyr, S. A., Forrest, S., and Somayaji, A. (1998). Intrusion detection using sequences of system calls. In Journal of Computer Security, Vol.6, No.3.
  3. Jain, K. and Sekar, R. (2000). User-level infrastructure for system call interposition: A platform for intrusion detection and con nement. In In ISOC Network and Distributed System Security.
  4. Kuperman, B. A. and Spafford, E. (1998). Generation of application level audit data via library interposition. In CERIAS TR 99-11, COAST Laboratory, Purdue University, West Lafayette.
  5. Levine, J. (2000). Linkers and Loaders. Morgan Kaufmann.
  6. Oyama, Y., Wei, W., and Kato, K. (2003). Modularizing normal behavior databases in anomaly detection systems. In IPSJ Transactions on Advanced Computing Systems, Vol.44CNo.SIG 10(ACS 2).
  7. Sekar, R., Bendre, M., Bollineni, P., and Dhurjati, D. (2001). A fast automaton-based method for detecting anomalous program behaviors. In IEEE Symposium on Security and Privacy.
  8. Wagner, D. and Dean, D. (2001). Intrusion detection via static analysis. In Proc. of the 2001 IEEE Symposium on Security and Privacy.
  9. Wagner, D. and Soto, P. (2002). Mimicry attacks on host based intrusion detection systems. In Proc. of Ninth ACM Conference on Computer and Communications Security.
Download


Paper Citation


in Harvard Style

Tabata T. and Sakurai K. (2004). DESIGN OF INTRUSION DETECTION SYSTEM AT USER LEVEL WITH SYSTEM-CALL INTERPOSING . In Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 2: ICETE, ISBN 972-8865-15-5, pages 263-268. DOI: 10.5220/0001397602630268


in Bibtex Style

@conference{icete04,
author={Toshihiro Tabata and Kouichi Sakurai},
title={DESIGN OF INTRUSION DETECTION SYSTEM AT USER LEVEL WITH SYSTEM-CALL INTERPOSING},
booktitle={Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 2: ICETE,},
year={2004},
pages={263-268},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001397602630268},
isbn={972-8865-15-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 2: ICETE,
TI - DESIGN OF INTRUSION DETECTION SYSTEM AT USER LEVEL WITH SYSTEM-CALL INTERPOSING
SN - 972-8865-15-5
AU - Tabata T.
AU - Sakurai K.
PY - 2004
SP - 263
EP - 268
DO - 10.5220/0001397602630268