
Enhancing Host Security Using External Environment Sensors

  • Conference paper
Security and Privacy in Communication Networks (SecureComm 2010)

Abstract

We propose a framework that uses environment information to enhance computer security. We apply our framework to enhance IDS performance and to enrich the expressiveness of access and rate controls. The environment information is gathered by sensors that are external with respect to the host and transmitted over an out-of-band channel, so it is hard for adversaries without physical access to compromise the system. The information gathered remains intact even if malware uses rootkit techniques to hide its activities. Because of user privacy requirements, the information gathered may be coarse and simple. We show that such simple information is already useful in several experimental evaluations. For instance, a binary user-presence indicator at a workstation can help to detect DDoS zombie attacks and illegal email spam. Our framework takes advantage of the growing popularity of multimodal sensors and physical security information management systems. Trends in sensor costs suggest that it will be cost-effective in the near future.
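The following is an added example, not code from the paper or its authors, illustrating the kind of presence-aware rate control the abstract describes: an outbound-SMTP budget that shrinks when the external sensor reports that nobody is at the workstation, so a spam burst from an unattended host trips an alert that ordinary user mailing does not. The class name, thresholds, window size and the event trace are all constructed assumptions.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass
class PresenceAwareRateControl:
    """Outbound-mail rate control whose budget depends on a 0/1 user-presence
    bit delivered out-of-band by an external sensor (hypothetical design)."""
    window_s: float = 60.0
    present_limit: int = 20   # outbound SMTP connections per window with a user present
    absent_limit: int = 2     # budget when the sensor reports the workstation unattended
    present: bool = False
    _smtp_times: deque = field(default_factory=deque)

    def feed(self, ts, kind, value=1):
        """Consume one event and return an alert string, or None.
        kind == "presence": value is the sensor's 0/1 reading.
        kind == "smtp": one outbound SMTP connection attempt at time ts."""
        if kind == "presence":
            self.present = bool(value)
            return None
        if kind != "smtp":
            raise ValueError(f"unknown event kind {kind!r}")
        self._smtp_times.append(ts)
        # Drop connection attempts that have fallen out of the sliding window.
        while self._smtp_times and ts - self._smtp_times[0] > self.window_s:
            self._smtp_times.popleft()
        limit = self.present_limit if self.present else self.absent_limit
        if len(self._smtp_times) > limit:
            who = "present" if self.present else "ABSENT"
            return (f"t={ts:.0f}: {len(self._smtp_times)} outbound SMTP in "
                    f"{self.window_s:.0f}s while user {who} (limit {limit})")
        return None


def run(events, **kw):
    """Replay (ts, kind, value) events through a fresh controller; return alerts."""
    ctl = PresenceAwareRateControl(**kw)
    return [a for ts, kind, value in events if (a := ctl.feed(ts, kind, value))]


# Constructed sample trace: the user sends a few mails, leaves, and then the
# host starts an SMTP burst with nobody at the keyboard.
SAMPLE_EVENTS = [
    (0, "presence", 1),
    (10, "smtp", 1), (20, "smtp", 1), (30, "smtp", 1), (40, "smtp", 1),
    (100, "presence", 0),
    (110, "smtp", 1), (112, "smtp", 1), (114, "smtp", 1), (116, "smtp", 1),
]

if __name__ == "__main__":
    for alert in run(SAMPLE_EVENTS):
        print(alert)
```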



© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Chang, EC., Lu, L., Wu, Y., Yap, R.H.C., Yu, J. (2010). Enhancing Host Security Using External Environment Sensors. In: Jajodia, S., Zhou, J. (eds) Security and Privacy in Communication Networks. SecureComm 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 50. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16161-2_21

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-16161-2_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16160-5

  • Online ISBN: 978-3-642-16161-2

  • eBook Packages: Computer Science (R0)
