
A Novel Intrusion Detection System for a Local Computer Network

Conference paper, in: Computer Network Security (MMM-ACNS 2007)

Abstract

Local computer networks at major universities are routinely plagued by self-replicating malicious software. Because data and information are exchanged intensively within such a network, newly introduced viruses, worms and other malicious software propagate very quickly, leaving little or no time for human intervention. Such environments are ideal for the automatic IDS described herein. It employs the Dynamic Code Analyzer (DCA), which detects malicious software at run time by monitoring the system calls invoked by individual processes and identifying subsequences (patterns) of system calls indicative of attempted self-replication. A similar approach, also based on system calls, is developed for the detection of network worms. Both techniques have the potential to detect previously unknown malicious software while significantly reducing computer resource utilization. Unfortunately, in comparison with traditional signature-based antivirus software, both approaches have a much higher rate of false alarms. To address this shortcoming the authors propose a method that searches for evidence of alarm propagation within the network: alarms from individual hosts are aggregated at a server, where they can be correlated, resulting in a highly accurate detection capability. Such a system, implementing the presented technology and capable of significantly reducing the downtime of networked computers owned by students and faculty, is being implemented on the computer network of the Kazakh National University.
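To make the two-stage argument of the abstract concrete, the following is an added Python sketch, not the authors' code: a per-host detector that flags processes whose system-call sequence contains a self-replication pattern as an ordered subsequence, followed by the server-side correlation step that confirms an alarm only when it recurs on several hosts within a short window. The pattern, host names and traces are constructed for illustration; the DCA's real patterns are not given on this page.

```python
from collections import defaultdict

# Constructed stand-in for a DCA self-replication pattern: a process opens its
# own image, reads it, creates another executable and writes to it. The real
# patterns used by the paper are not given on this page.
REPLICATION_PATTERN = ("open_self", "read", "create_exe", "write", "close")

def host_alarms(trace, pattern=REPLICATION_PATTERN):
    """Per-host detector: one alarm (host, pid, time) per process whose calls
    contain `pattern` as an ordered subsequence; time is the completing call."""
    by_proc = defaultdict(list)
    for host, pid, t, call in trace:
        by_proc[(host, pid)].append((t, call))
    alarms = []
    for (host, pid), calls in by_proc.items():
        idx = 0
        for t, call in sorted(calls):
            if call == pattern[idx]:
                idx += 1
                if idx == len(pattern):
                    alarms.append((host, pid, t))
                    break
    return alarms

def correlate(alarms, window, min_hosts):
    """Server-side correlation: an alarm is confirmed only when alarms from at
    least `min_hosts` distinct hosts fall inside `window` seconds of it, i.e.
    the pattern is propagating through the network. Returns those hosts."""
    ordered = sorted(alarms, key=lambda a: a[2])
    confirmed = set()
    for i, (_, _, t0) in enumerate(ordered):
        group = {h for h, _, t in ordered[i:] if t - t0 <= window}
        if len(group) >= min_hosts:
            confirmed |= group
    return confirmed

def proc(host, pid, t0, calls):
    """Build a constructed per-process trace with one call per second."""
    return [(host, pid, t0 + i, c) for i, c in enumerate(calls)]

# Constructed traces: hostA is a lone installer that legitimately writes an
# executable (an isolated false alarm); hostB/C/D show the same pattern within
# seconds of each other (propagation); hostE edits files but never creates one.
TRACE = (proc("hostA", 101, 100, REPLICATION_PATTERN)
         + proc("hostB", 202, 500, REPLICATION_PATTERN)
         + proc("hostC", 303, 520, REPLICATION_PATTERN)
         + proc("hostD", 404, 540, REPLICATION_PATTERN)
         + proc("hostE", 505, 530, ("open_self", "read", "write", "close")))
```

Run stand-alone, `host_alarms(TRACE)` raises four per-host alarms, while `correlate(host_alarms(TRACE), 60, 3)` confirms only hostB, hostC and hostD, dropping the isolated alarm on hostA.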




Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Tokhtabayev, A., Altaibek, A., Skormin, V., Tukeyev, U. (2007). A Novel Intrusion Detection System for a Local Computer Network. In: Gorodetsky, V., Kotenko, I., Skormin, V.A. (eds) Computer Network Security. MMM-ACNS 2007. Communications in Computer and Information Science, vol 1. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73986-9_27


  • DOI: https://doi.org/10.1007/978-3-540-73986-9_27

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-73985-2

  • Online ISBN: 978-3-540-73986-9

  • eBook Packages: Computer Science (R0)
