Robust Host Anomaly Detector Using Strong Isolation

Bibliographic Details
Published in: 2008 International Conference on Computer Science and Software Engineering: 12-14 December 2008, Vol. 3, pp. 575-578
Main Authors: Peng Xinguang, Zhang Yanyan
Format: Conference Proceeding
Language: English
Published: IEEE 01.12.2008
ISBN: 0769533361, 9780769533360
DOI: 10.1109/CSSE.2008.993

Summary: Current operating systems are becoming increasingly large and complex, and a great many vulnerabilities and hidden risks exist. A host-based intrusion detector is more exposed to attack than network-based intrusion detection because operating systems provide poor isolation. An alternative architecture and method for a host anomaly detector are proposed, making use of the SKAS mode of the User Mode Linux Virtual Machine Monitor to enhance the survivability and robustness of an anomaly detector on system calls. Even if attackers have gained unauthorized access to system services, it is impossible for them to gain access to the anomaly detector because of strong space isolation. The primary experiments show that the robustness, survivability and anomaly-discriminating capability of the host-based intrusion detector are improved.