Abstract
A significant number of cyber assaults and intrusion attempts are made against open source software written in C, C++, or Java. Detecting all flaws in a large system is still a daunting, unrealistic task. The information assurance area known as ”intrusion detection” (ID) senses unauthorized access attempts by monitoring key pieces of system data. There is a desire to at least detect intrusion attempts in order to stop them while in progress, or repair the damage at a later date. Most ID systems examine system log files, or monitor network traffic. This research presents a new approach to generating records for intrusion detection by means of instrumentation. Open source code such as a web server can be compiled and the execution path of the server can be observed externally in near real-time. This method thus creates a new data source for ID which can be incorporated into a discovery system.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Gurley, R.: Intrusion detection (2000)
DARPA: Darpa intrusion detection evaluation data sets 2007, http://www.ll.mit.edu/IST/ideval/index.html
Huang, J.-c., et al.: Research of pattern matching in intrusion detection. In: Proceedings of the Second International Conference on Machine Learning and Cybernetics, pp. 2–5 (November 2003)
Poskanzer, J.: thttpd - tiny/turbo/throttling http server (2007), http://www.acme.com/software/thttpd/
Linz, P.: An introduction to formal languages and automata (2006)
Watson, B., et al.: Efficient automata constructions and approximate automata. In: Prague Stringology Conference proceedings (2006)
Cleophas, L., et al.: Constructing factor oracles. In: Prague Stringology Conference proceedings (2003)
Brzozowski, J.A.: Derivations of regular expressions. JACM 11(4), 481–494 (1964)
Thompson, K.: Regular expression search algorithm. In: CACM, pp. 419–422 (June 1968)
Cox, R.: Regular expression matching can be simple and fast (but is slow in java, perl, php, python, ruby (2007), http://swtch.com/rsc/regexp/regexp1.html
Tromp, J.: The fhourstones benchmark version 3 (2007), http://homepages.cwi.nl/tromp/c4/fhour.html
Apache: Apache http server project, http://httpd.apache.org/ (2007)
Bond, D.: Fizmez web server (2007), http://freeware.fizmez.com/
Silva, E.: Monkey http daemon (2007), http://monkeyd.sourceforge.net/
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mahoney, W., Sousan, W. (2007). Instrumentation of Open-Source Software for Intrusion Detection. In: Sokolsky, O., Taşıran, S. (eds) Runtime Verification. RV 2007. Lecture Notes in Computer Science, vol 4839. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77395-5_13
Download citation
DOI: https://doi.org/10.1007/978-3-540-77395-5_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77394-8
Online ISBN: 978-3-540-77395-5
eBook Packages: Computer ScienceComputer Science (R0)