Advances and challenges in standalone host-based intrusion detection systems

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 7449 LNCS, Issue , 2012, Pages 105-117

  Bukac, Vit ^a   Tucek, Pavel ^a   Deutsch, Martin ^a  

^a MASARYK UNIVERSITY   (Czech Republic)

Author keywords

HIDS; host based IDS; intrusion detection; survey

Indexed keywords

COLLABORATIVE INTRUSION DETECTION SYSTEM; HIDS; HOST-BASED; HOST-BASED INTRUSION DETECTION SYSTEM; INTEGRITY CHECKING; NETWORK TRAFFIC ANALYSIS; NETWORK-BASED; PROCESS BEHAVIOR; RESEARCH EFFORTS; RESEARCH TRENDS; UNTRUSTED NETWORK;

COMPUTER CRIME; MOBILE DEVICES; RESEARCH; SURVEYS;

INTRUSION DETECTION;

EID: 84866010567     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-32287-7_9     Document Type: Conference Paper

References (28)

1. Baliga, A., Iftode, L., Chen, X.: Automated containment of rootkits attacks. Computers & Security 27(7-8), 323-334 (2008)
2. Barbhuiya, F.A., Roopa, S., Ratti, R., Hubballi, N., Biswas, S., Sur, A., Nandi, S., Ramachandran, V.: An Active Host-Based Detection Mechanism for ARP-Related Attacks. Advances in Networks and Communications 132, 432-443 (2011)
3. Gummadi, R., Balakrishnan, H., Maniatis, P., Ratnasamy, S.: Not-a-Bot (NAB): Improving Service Availability in the Face of Botnet Attacks. In: NSDI 2009 Proceedings of the 6th USENIX Symposium on Networked Systems Design and Implementation. USENIX Association, Berkeley (2009)
4. Hu, J.: Host-Based Anomaly Intrusion Detection. In: Handbook of Information and Communication Security, pp. 235-255. Springer, Heidelberg (2010)
5. Jin, H., Xiang, G., Zou, D., Zhao, F., Li, M., Yu, C.: A guest-transparent file integrity monitoring method in virtualization environment. Computers & Mathematics with Applications 60(2), 256-266 (2010)
6. Kaczmarek, J., Wróbel, M.: Modern Approaches to File System Integrity Checking. In: 1st International Conference on Information Technology, pp. 1-4 (May 2008)
7. Khurana, S.S., Bansal, D., Sofat, S.: Recovery Based Architecture to Protect Hids Log Files using Time Stamps. Journal of Emerging Technologies in Web Intelligence 2(2), 110-114 (2010)
8. Kolbitsch, C., Comparetti, P.M., Kruegel, C., Kirda, E., Zhou, X., Wang, X.: Effective and Efficient Malware Detection at the End Host. In: SSYM 2009 Proceedings of the 18th Conference on USENIX Security Symposium. USENIX Association, Berkeley (2009)
9. Kwon, J., Lee, J., Lee, H.: Hidden Bot Detection by Tracing Non-human Generated Traffic at the Zombie Host. In: Bao, F., Weng, J. (eds.) ISPEC 2011. LNCS, vol. 6672, pp. 343-361. Springer, Heidelberg (2011)
10. Kwon, M., Jeong, K., Lee, H.: PROBE: A Process Behavior-Based Host Intrusion Prevention System. In: Chen, L., Mu, Y., Susilo, W. (eds.) ISPEC 2008. LNCS, vol. 4991, pp. 203-217. Springer, Heidelberg (2008)
11. Laureano, M., Maziero, C., Jamhour, E.: Protecting host-based intrusion detectors through virtual machines. Computer Networks: The International Journal of Computer and Telecommunications Networking 51(5), 1275-1283 (2007)
12. Laurens, V., El Saddik, A., Dhar, P.: DDoSniffer: Detecting DDOS Attack at the Source Agents. International Journal of Advanced Media and Communication 3(3) (2009)
13. Molina, J., Cukier, M.: Evaluating Attack Resiliency for Host Intrusion Detection Systems. Journal of Information Assurance and Security 4, 1-9 (2009)
14. Oprea, A., Reiter, M.K.: Integrity Checking in Cryptographic File Systems with Constant Trusted Storage. In: SS 2007 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, pp. 183-198. USENIX Association, Berkeley (2007)
15. Ozyer, T., Alhajj, R., Barker, K.: Intrusion detection by integrating boosting genetic fuzzy classifier and data mining criteria for rule pre-screening. Journal of Network and Computer Applications - Special Issue: Network and Information Security: A Computational Intelligence Approach 30(1), 99-113 (2007)
16. Parno, B., Zhou, Z., Perrig, A.: Help Me Help You: Using Trustworthy Host-Based Information in the Network. Technical report (2009)
17. Patil, S., Kashyap, A., Sivathanu, G., Zadok, E.: I3FS: An In-Kernel Integrity Checker and Intrusion Detection File System. In: LISA 2004 Proceedings of the 18th USENIX Conference on System Administration, pp. 67-78. USENIX Association, Berkeley (2004)
18. Payne, B.D., Carbone, M., Sharif, M., Lee, W.: Lares: An Architecture for Secure Active Monitoring Using Virtualization. In: SP 2008 Proceedings of the 2008 IEEE Symposium on Security and Privacy, pp. 233-247 (May 2008)
19. Ptacek, T.H., Newsham, T.N.: Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection. Technical report (1998)
20. Quynh, N.A., Takefuji, Y.: A Novel Approach for a File-system Integrity Monitor Tool of Xen Virtual Machine. In: ASIACCS 2007 Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security. ACM, New York (2007)
21. Scarfone, K., Mell, P.: Guide to Intrusion Detection and Prevention Systems (IDPS). Technical report (2007)
22. Sivathanu, G., Wright, C.P., Zadok, E.: Ensuring Data Integrity in Storage: Techniques and Applications. In: StorageSS 2005 Proceedings of the 2005 ACM Workshop on Storage Security and Survivability, pp. 26-36. ACM, New York (2005)
23. Srivastava, A., Giffin, J.: Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol. 5230, pp. 39-58. Springer, Heidelberg (2008)
24. Kola Sujatha, P., Kannan, A., Ragunath, S., Sindhu Bargavi, K., Githanjali, S.: A Behavior Based Approach to Host-Level Intrusion Detection Using Self-Organizing Maps. In: ICETET 2008 Proceedings of the 2008 First International Conference on Emerging Trends in Engineering and Technology, pp. 1267-1271. IEEE Computer Society, Washington, DC (2008)
25. Takemori, K., Fujinaga, M., Sayama, T., Nishigaki, M.: Host-based traceback; tracking bot and C&C server. In: ICUIMC 2009 Proceedings of the 3rd International Conference on Ubiquitous Information Management and Communication. ACM, New York (2009)
26. Takemori, K., Nishigaki, M., Tomohiro, T., Yutaka, M.: Detection of Bot Infected PCs Using Destination-based IP and Domain Whitelists during a Non-operating Term. In: GLOBECOM 2008 Proceedings of the Global Communications Conference, pp. 2072-2077. IEEE Computer Society, Washington, DC (2008)
27. Xiong, H., Malhotra, P., Stefan, D., Wu, C., Yao, D.: User-Assisted Host-Based Detection of Outbound Malware Traffic. In: Qing, S., Mitchell, C.J., Wang, G. (eds.) ICICS 2009. LNCS, vol. 5927, pp. 293-307. Springer, Heidelberg (2009)
28. Zhou, C.V., Leckie, C., Karunasekera, S.: A survey of coordinated attacks and collaborative intrusion detection. Computers & Security 29(1), 124-140 (2010)