Abstract
A significant number of cyber assaults and intrusion attempts are made against open source software written in C, C++, or Java. Detecting all flaws in a large system is still a daunting, unrealistic task. The information assurance area known as "intrusion detection" (ID) senses unauthorized access attempts by monitoring key pieces of system data. There is a desire to at least detect intrusion attempts in order to stop them while in progress, or repair the damage at a later date. Most ID systems examine system log files, or monitor network traffic. This research presents a new approach to generating records for intrusion detection by means of instrumentation. Open source code such as a web server can be compiled and the execution path of the server can be observed externally in near real-time. This method thus creates a new data source for ID which can be incorporated into a discovery system.
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mahoney, W., Sousan, W. (2007). Instrumentation of Open-Source Software for Intrusion Detection. In: Sokolsky, O., Taşıran, S. (eds) Runtime Verification. RV 2007. Lecture Notes in Computer Science, vol 4839. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77395-5_13
DOI: https://doi.org/10.1007/978-3-540-77395-5_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77394-8
Online ISBN: 978-3-540-77395-5
eBook Packages: Computer Science (R0)