
NetHost-Sensor: Monitoring a target host’s application via system calls.

Abimbola, Abiola, Munoz, Jose and Buchanan, William J (2006) NetHost-Sensor: Monitoring a target host’s application via system calls. Information Security Technical Report, 11 (4). pp. 166-175. ISSN 1363 4127

PDF
Restricted to Registered users only
Available under License Creative Commons Attribution Non-commercial.


    Abstract/Description

    Intrusion detection has emerged as an important approach to network, host and application security. Network security includes analysing network packet payload and other inert network packet profiles for intrusive trends, whereas host security may employ system logs for intrusion detection. In this paper, we contribute to the research community by tackling application security and attempt to detect intrusion via differentiating normal and abnormal application behaviour. A method for anomaly intrusion detection for applications is proposed based on deterministic system call traces derived from a monitored target application's dynamic link libraries (DLLs). We isolate the associated DLLs of a monitored target application, log system call traces of the application in real time, and use a heuristic method to detect intrusion before the application is fully compromised. Our investigative research experiment methodology and set-up are reported, alongside our experimental procedure and results that show our research effort is effective and efficient, and can be used in practice to monitor a target application in real time.

    Item Type: Article
    Print ISSN: 1363 4127
    Uncontrolled Keywords: Intrusion detection; Network; Host; Application security; Dynamic link libraries; System calls;
    University Divisions/Research Centres: Faculty of Engineering, Computing and Creative Industries > School of Computing
    Dewey Decimal Subjects: 000 Computer science, information & general works > 020 Library & information sciences
    000 Computer science, information & general works > 000 Computer science, knowledge & systems > 005 Computer programming, programs & data
    Library of Congress Subjects: Z Bibliography. Library Science. Information Resources > Z665 Library Science. Information Science
    Q Science > QA Mathematics > QA76 Computer software
    Item ID: 1834
    Depositing User: RAE Import
    Date Deposited: 21 May 2008 09:33
    Last Modified: 21 Mar 2013 11:52
    URI: http://researchrepository.napier.ac.uk/id/eprint/1834
