http://dx.doi.org/10.3745/KIPSTC.2008.15-C.4.239

An Intrusion Detection Method by Tracing Root Privileged Processes  

Park, Jang-Su (Department of Computer Engineering, Yeungnam University)
Ahn, Byoung-Chul (School of Electronic and Information Engineering, Yeungnam University)
Abstract
Damage to computer systems cannot be sufficiently reduced merely by patching vulnerable code after an incident has occurred; intrusions must be detected and blocked by making systems resilient even while vulnerable code remains in them. This paper proposes a robust real-time intrusion detection method for Linux systems that monitors root-privileged processes automatically rather than relying on system administrators. The method saves the IP address of each user in the process table and monitors the IP address of every root-privileged process. The proposed method is verified to protect vulnerable programs against buffer overflow attacks using the KON program. A configuration protocol is also proposed for managing systems remotely, and host IP addresses are protected from intrusion through this protocol.
Keywords
Root privileged process; Intrusion detection; PCB; pass IP address; Configuration protocol;
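As an added illustration (not code from the paper), the idea stated in the abstract, a user IP address saved in each process table entry and checked against every root-privileged process, as a small Python simulation; the process names, addresses, administrator allow-list and the modelled privilege escalation are all constructed assumptions:

```python
from dataclasses import dataclass

ROOT_UID = 0
CONSOLE_IP = "127.0.0.1"  # constructed: console sessions carry the loopback address


@dataclass
class Process:
    pid: int
    uid: int
    origin_ip: str  # user IP saved in the process table entry at login, inherited on fork
    comm: str


class ProcessTable:
    def __init__(self, admin_ips):
        self.admin_ips = set(admin_ips) | {CONSOLE_IP}
        self.procs = {1: Process(1, ROOT_UID, CONSOLE_IP, "init")}
        self.next_pid = 2

    def _add(self, uid, origin_ip, comm):
        pid, self.next_pid = self.next_pid, self.next_pid + 1
        self.procs[pid] = Process(pid, uid, origin_ip, comm)
        return pid

    def login(self, client_ip, uid, comm):
        # A network login records the client's address in the new process's entry.
        return self._add(uid, client_ip, comm)

    def fork(self, parent_pid, comm):
        # The child inherits both the uid and the saved origin IP of its parent.
        parent = self.procs[parent_pid]
        return self._add(parent.uid, parent.origin_ip, comm)

    def setuid(self, pid, new_uid):
        # A privilege change keeps the origin IP, so an escalation stays traceable.
        self.procs[pid].uid = new_uid

    def root_violations(self):
        # Every root-privileged process whose origin IP is not an authorized address.
        return sorted(p.pid for p in self.procs.values()
                      if p.uid == ROOT_UID and p.origin_ip not in self.admin_ips)


def demo():
    table = ProcessTable(admin_ips=["10.0.0.5"])            # constructed allow-list
    table.login("10.0.0.5", ROOT_UID, "sshd")               # remote admin root session: allowed
    user_sh = table.login("198.51.100.7", 1000, "sshd")     # ordinary remote user (pid 3)
    prog = table.fork(user_sh, "vulnerable-prog")           # pid 4, still uid 1000
    table.setuid(prog, ROOT_UID)     # models a successful overflow that yields root
    table.fork(prog, "sh")           # pid 5: spawned shell inherits root and the user's IP
    return table.root_violations()   # -> [4, 5]; the admin session (pid 2) is not flagged


if __name__ == "__main__":
    print("root-privileged processes from unauthorized addresses:", demo())
```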