Host-Based Intrusion Detection System: Model and Design Features
This article reports on a model of a host-based intrusion detection system. Using a state machine model, possible mechanisms of security violations in a computer system are analyzed. Thereafter, principles are suggested for building an analysis module based on a model of dynamic monitoring of system statuses. The article concludes with a number of approaches for developing a data acquisition module for a host-based intrusion detection system.
Keywords: intrusion detection, host-based intrusion detection system, attack, API Intercept