Skip to main content
Springer Nature Link
Log in

SoIDPS: Sensor Objects-Based Intrusion Detection and Prevention System and Its Implementation

  • Conference paper
Computational Intelligence and Security (CIS 2005)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 3802))

Included in the following conference series:

  • 949 Accesses

Abstract

In this paper, we propose an intrusion detection and prevention system using sensor objects that are a kind of trap and are accessible only by the programs that are allowed by the system. Any access to the sensor object by disallowed programs or any transmission of the sensor object to outside of the system is regarded as an intrusion. In such case, the proposed system logs the related information on the process as well as the network connections, and terminates the suspicious process to prevent any possible intrusion. By implementing the proposed method as Loadable Kernel Module (LKM) in the Linux, it is impossible for any process to access the sensor objects without permission. In addition, the security policy will be dynamically applied at run time. Experimental results show that the security policy is enforced with negligible overhead, compared to the performance of the unmodified original system.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Ranum, M.J.: Experiences Benchmarking Intrusion Detection Systems, NFR Security Technical Publications (December 2001), http://www.nfr.com

  2. Understanding Heuristics: Symantec’s Bloodhound Technology. Symantec White Paper Series Volume XXXIV

    Google Scholar 

  3. ISO/IEC WD 18043 (SC 27 N 3180): Guidelines for the implementation, operation and management of intrusion detection systems (IDS) (04-26-2002)

    Google Scholar 

  4. Lindqvist, U., Porras, P.: Detecting Computer and Network Misuse through the Production-Based Expert System Toolset (P-BEST). In: Proceedings of the Symposium on Security and Privacy (1999)

    Google Scholar 

  5. Kumar, S., Spafford, E.H.: A Pattern Matching Model for Misuse Intrusion Detection. In: Proceedings of the 17th National Computer Security Conference (1994)

    Google Scholar 

  6. Michael, C.C., Ghosh, A.: Simple, state-based approaches to program-based anomaly detection. ACM Transactions on Information and System Security 5(3) (2002)

    Google Scholar 

  7. Stolfo, S.J., et al.: Anomaly Detection in Computer Security and an Application to File System Accesses. In: Proceedings of 15th International Symposium of Foundations of Intelligent Systems (2005)

    Google Scholar 

  8. Sekar, R., et al.: Intrusion Detection: Specification-based anomaly detection: a new approach for detecting network intrusions. In: Proceedings of the 9th ACM conference on Computer and communications security (2002)

    Google Scholar 

  9. Sekar, R., Uppuluri, P.: Synthesizing Fast Intrusion Prevention/Detection Systems from High-Level Specifications. In: Proceedings of USENIX Security Symposium (1999)

    Google Scholar 

  10. Charras, C., Lecroq, T.: Handbook of Exact String-Matching Algorithms, http://www-igm.univ-mlv.fr/~lecroq/biblio_en.html

  11. ftp://ftp.ee.lbl.gov

Download references

Author information

Authors and Affiliations

  1. Division of Information and Computer Science, DanKook University,  

    SeongJe Cho & Hye-Young Chang

  2. Korea Information Security Agency,  

    HongGeun Kim

  3. Department of Computer Science, KwangWoon University,  

    WoongChul Choi

Authors
  1. SeongJe Cho
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hye-Young Chang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. HongGeun Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. WoongChul Choi
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Microelectronic Instiute, Xidian University, 710071, Xi’an, China

    Yue Hao

  2. Department of Computer Science, Hong Kong Baptist University, Kowloon Tong, Hong Kong

    Jiming Liu

  3. School of Computer Science and Technology, Xidian University, Xi’an, China

    Yu-Ping Wang

  4. Department of Computer Science, Hong Kong Baptist University, Hong Kong,  

    Yiu-ming Cheung

  5. School of Electrical and Electronic Engineering, University of Manchester, UK

    Hujun Yin

  6. Life Science Research Center, School of Electronic Engineering, Xidian University, 710071, Xi’an, Shaanxi, China

    Licheng Jiao

  7. Key Laboratory of Computer Networks and Information Security(Ministry of Education), Xidian University, 710071, Xi’an, China

    Jianfeng Ma

  8. National Laboratory of Antennas and Microwave Technology, Xidian University, 710071, Xi’an, Shanxi, P.R. China

    Yong-Chang Jiao

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cho, S., Chang, HY., Kim, H., Choi, W. (2005). SoIDPS: Sensor Objects-Based Intrusion Detection and Prevention System and Its Implementation. In: Hao, Y., et al. Computational Intelligence and Security. CIS 2005. Lecture Notes in Computer Science(), vol 3802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596981_38

Download citation

  • DOI: https://doi.org/10.1007/11596981_38

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-30819-5

  • Online ISBN: 978-3-540-31598-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics