http://dx.doi.org/10.6109/JKIICE.2009.13.11.2341

Design of T-N2SCD Detection Model based on Time Window  

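Shin, Mi-Yea (Department of Computer Science, Chungbuk National University)
Won, Il-Young (Department of Cyber Hacking Security, Seoul Hoseo Technical College)
Lee, Sang-Ho (School of Electrical and Computer Engineering, Chungbuk National University)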
Abstract
Host-based intrusion detection techniques consider either system call sequences or system call arguments. These two approaches are suitable when the system call sequence, or the order and length of system call arguments, is out of order. However, both share the disadvantage that the false positive rate and the false negative rate are high. In this paper we propose the T-N2SCD detection model, based on a time window, in order to reduce the false positive rate and the false negative rate. The data used in the experiment is provided by DARPA. In the experimental results, the proposed model showed the lowest false positive rate and false negative rate at an interval of 1000 ms compared with other intervals.
Keywords
Intrusion Detection System; system call sequence; argument length