Intrusion Detection by Monitoring System Calls with POSIX Capabilities (<Special Section> New Challenge for Internet Technology and its Architecture)
Abstract
Existing anomaly intrusion detection that monitors system calls has two problems: vast false positives and lack of risk information on detection. In order to solve the two problems, we propose an intrusion detection method called "Callchains." Callchains reduces the false positives of existing anomaly intrusion detection by restricting monitoring to the activities with process capabilities prescribed by POSIX 1003.1e. Additionally, Callchains provides an administrator with information on the POSIX capabilities used in system call execution as an indicator of risk. This paper shows Callchains' design, its implementation, and experimental results comparing Callchains with existing approaches.
- Paper of the Institute of Electronics, Information and Communication Engineers (IEICE)
- 2007-10-01
Authors
- Tominaga Hideyoshi, Global Information and Telecommunication Institute, Waseda University
- Nakazato Hidenori, Global Information and Telecommunication Institute, Waseda University
- Haruyama Takahiro, NTT Information Sharing Platform Laboratories, NTT Corporation
Related papers
- The Development of a Multimedia Transcoding System for Mobile Access to Video Conferencing(Special Issue on Mobile Multimedia Communications)
- Efficient Video Mosaicing for Partial High Resolution Image Adaptive to Region
- Intrusion Detection by Monitoring System Calls with POSIX Capabilities(New Challenge for Internet Technology and its Architecture)
- Loop-Free IP Fast Rerouting Considering Double-Link Failures
- Autonomous IP Fast Rerouting with Compressed Backup Flow Entries Using OpenFlow