Host-Based Intrusion Detection System with System Calls

2019 ◽  
Vol 51 (5) ◽  
pp. 1-36 ◽  
Author(s):  
Ming Liu ◽  
Zhi Xue ◽  
Xianghua Xu ◽  
Changmin Zhong ◽  
Jinjun Chen
2017 ◽  
Vol 1 (1) ◽  
pp. 51-56
Author(s):  
Aaron Zimba ◽  
Mumbi Chishimba

One of the main goals of targeted attacks is data exfiltration. Attackers penetrate systems using various attack vectors, but the hurdle comes in exfiltrating the data. APT attackers may even reside in a host for long periods of time while seeking the best option to exfiltrate data. Most data exfiltration techniques are prone to detection by intrusion detection systems. Therefore, data exfiltration methodologies that generate little noise, if any at all, are attractive to attackers and can go undetected for long periods owing to the low volume of noise they generate in the form of network traffic and system calls. In this paper, we present malware-free intrusion, an attack methodology which does not explicitly use malware to exfiltrate data. Our attack structure exploits the use of system services and resources including, but not limited to, RDP, PowerShell, the Windows accessibility backdoor and DNS tunneling. Results show that it is possible to exfiltrate data from vulnerable hosts using malware-free intrusion as an infection vector and DNS tunneling as a data exfiltration technique. We test the attack on both Windows and Linux systems over different networks. Mitigation techniques are suggested based on analysis of the traffic captured from the secure DNS tunnels established on the network.
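The mitigation the abstract points to, traffic analysis of established DNS tunnels, can be approximated with per-client, per-domain statistics over query names: a tunnel carries its payload in the subdomain labels, so under one registrable domain it produces long, high-entropy labels that almost never repeat (repeats would be answered from cache and never reach the attacker's server). The following is an added example written for this page, not code or data from Zimba and Chishimba. The log format (epoch, client IP, query name), the thresholds, and the sample queries are constructed assumptions, and the "last two labels" rule for the registrable domain stands in for a public suffix list lookup.

```python
import math
from collections import defaultdict

# Constructed query log, not captured traffic. Assumed format for this
# example: "<epoch> <client-ip> <qname>", one query per line.
SAMPLE_LOG = """\
1507000001 10.0.0.5 www.example.com
1507000002 10.0.0.5 mail.example.com
1507000003 10.0.0.5 www.example.com
1507000004 10.0.0.5 cdn.example.com
1507000005 10.0.0.9 a.example.org
1507000006 10.0.0.9 b.example.org
1507000007 10.0.0.9 c.example.org
1507000008 10.0.0.7 0123456789abcdef.fedcba9876543210.attacker-example.net
1507000009 10.0.0.7 13579bdf02468ace.ace02468bdf13579.attacker-example.net
1507000010 10.0.0.7 fedcba9876543210.0123456789abcdef.attacker-example.net
1507000011 10.0.0.7 02468ace13579bdf.bdf13579ace02468.attacker-example.net
"""


def shannon_entropy(s):
    """Bits per character of s; 0.0 for the empty string."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname, levels=2):
    """Return (subdomain labels joined without dots, registrable domain).

    Assumption: the last `levels` labels are the registrable domain. A real
    deployment should consult the public suffix list instead."""
    labels = qname.rstrip(".").lower().split(".")
    domain = ".".join(labels[-levels:])
    sub = "".join(labels[:-levels])
    return sub, domain


def analyze(log_text, min_queries=3, entropy_threshold=3.5,
            length_threshold=20, unique_ratio_threshold=0.9):
    """Group queries by (client, registrable domain) and score each group.

    A group is suspicious only when all features agree: enough queries,
    long subdomains, high character entropy, and almost no repeats.
    Thresholds are assumed values and must be tuned per network."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, client, qname = parts
        sub, domain = split_qname(qname)
        groups[(client, domain)].append(sub)

    report = {}
    for key, subs in groups.items():
        n = len(subs)
        stats = {
            "queries": n,
            "mean_len": sum(len(s) for s in subs) / n,
            "mean_entropy": sum(shannon_entropy(s) for s in subs) / n,
            "unique_ratio": len(set(subs)) / n,
        }
        stats["suspicious"] = (
            n >= min_queries
            and stats["mean_len"] >= length_threshold
            and stats["mean_entropy"] >= entropy_threshold
            and stats["unique_ratio"] >= unique_ratio_threshold
        )
        report[key] = stats
    return report


def suspicious_pairs(log_text=SAMPLE_LOG):
    """Sorted (client, domain) pairs flagged as likely tunnels."""
    return sorted(k for k, v in analyze(log_text).items() if v["suspicious"])


if __name__ == "__main__":
    for key, stats in analyze(SAMPLE_LOG).items():
        print(key, stats)
```

Only the 10.0.0.7 traffic to attacker-example.net trips all four features; the client querying a.example.org, b.example.org, c.example.org has a unique ratio of 1.0 but short, low-entropy labels, which is why no single feature is used alone. In production the same grouping would also take in query type (TXT and NULL are favoured by tunnels), query rate, and response sizes, and needs an allowlist, since CDNs and anti-virus reputation lookups also generate long, high-entropy names.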


2016 ◽  
Author(s):  
Amr Abed

Linux containers are gaining increasing traction in both individual and industrial use, and as these containers get integrated into mission-critical systems, real-time detection of malicious cyber attacks becomes a critical operational requirement. This paper introduces a real-time host-based intrusion detection system that can be used to passively detect malfeasance against applications within Linux containers running standalone or in a multi-tenant cloud environment. The demonstrated intrusion detection system uses bags of system calls, monitored from the host kernel, to learn the behavior of an application running within a Linux container and to determine when the container's behavior is anomalous. The performance of the approach was measured using a database application, and the results are discussed.
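A minimal version of the bag-of-system-calls approach the abstract describes, written as an added example for this page and not Abed's code or data: each fixed-size window of a system-call trace becomes a frequency vector over the syscalls seen during training, with one extra slot that collects any syscall never seen in training, and a window is anomalous when its nearest training bag lies further away than a threshold. The syscall sequences, the window size and step, and the threshold are all constructed assumptions; on a real host the trace would come from the kernel (for example via strace or a tracing hook) for the container's process tree.

```python
import math
from collections import Counter

# Constructed training trace (not data from the paper): syscall names as a
# tracer prints them, for a process alternating between two request patterns.
_REQ_A = "epoll_wait recvfrom read pread64 write sendto futex futex".split()
_REQ_B = "epoll_wait recvfrom pread64 pread64 sendto futex".split()
NORMAL_TRACE = (_REQ_A + _REQ_B) * 8

# Constructed test windows: a benign one, a shell being spawned, and a
# distribution shift that uses only syscalls seen in training.
NORMAL_WINDOW = "recvfrom read pread64 write sendto futex futex epoll_wait".split()
SHELL_WINDOW = "epoll_wait recvfrom fork execve pipe dup2 socket connect".split()
FLOOD_WINDOW = ["write"] * 8


def sliding_windows(trace, size, step):
    """Yield (offset, window) for fixed-size windows over the trace."""
    for start in range(0, len(trace) - size + 1, step):
        yield start, trace[start:start + size]


def bag(window, vocab):
    """Normalised frequency vector over vocab, plus one trailing slot that
    collects every syscall not in vocab (i.e. never observed in training)."""
    counts = Counter(window)
    n = len(window)
    known = set(vocab)
    vec = [counts[s] / n for s in vocab]
    vec.append(sum(c for s, c in counts.items() if s not in known) / n)
    return tuple(vec)


def train(trace, size=8, step=4):
    """Build the normal profile: the vocabulary and the set of distinct bags."""
    vocab = tuple(sorted(set(trace)))
    bags = {bag(w, vocab) for _, w in sliding_windows(trace, size, step)}
    return {"vocab": vocab, "bags": bags, "size": size, "step": step}


def euclidean(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def score(model, window):
    """Distance from the window's bag to the nearest bag seen in training."""
    v = bag(window, model["vocab"])
    return min(euclidean(v, b) for b in model["bags"])


def classify(model, window, threshold=0.25):
    """Return (is_anomalous, score). The threshold is an assumed value; in
    practice it is tuned on held-out normal traffic to a target false-positive rate."""
    s = score(model, window)
    return s > threshold, s


def flag_windows(model, trace, threshold=0.25):
    """Run the detector over a whole trace; return [(offset, score)] of anomalous windows."""
    flagged = []
    for offset, w in sliding_windows(trace, model["size"], model["step"]):
        anomalous, s = classify(model, w, threshold)
        if anomalous:
            flagged.append((offset, s))
    return flagged


MODEL = train(NORMAL_TRACE)

if __name__ == "__main__":
    for name, w in [("normal", NORMAL_WINDOW), ("shell", SHELL_WINDOW), ("flood", FLOOD_WINDOW)]:
        print(name, classify(MODEL, w))
    print(flag_windows(MODEL, NORMAL_TRACE + SHELL_WINDOW))
```

The unseen-syscall slot is what makes a spawned shell stand out immediately (six of eight calls land there), while the write flood shows that a bag distance also catches a change in the mix of already-known calls, which a simple "new syscall" allowlist would miss. Because bags discard ordering, a short sequence-based model is a common complement when ordering attacks matter.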

