Abstract
Lately a significant research effort was given to the development of network-based, hybrid and collaborative intrusion detection systems. Standalone host-based intrusion detection systems (HIDSs) were out of the main focus of security researchers. However, the importance of standalone HIDSs is still considerable. They are a suitable alternative when we need to secure notebooks traversing between networks, computers connected to untrusted networks or mobile devices communicating through wireless networks. This survey presents recent advances in standalone HIDSs, along with current research trends. We discuss the detection of intrusions from a host network traffic analysis, process behavior monitoring and file integrity checking. A separate chapter is devoted to the protection of HIDS against tampering.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Baliga, A., Iftode, L., Chen, X.: Automated containment of rootkits attacks. Computers & Security 27(7-8), 323–334 (2008)
Barbhuiya, F.A., Roopa, S., Ratti, R., Hubballi, N., Biswas, S., Sur, A., Nandi, S., Ramachandran, V.: An Active Host-Based Detection Mechanism for ARP-Related Attacks. Advances in Networks and Communications 132, 432–443 (2011)
Gummadi, R., Balakrishnan, H., Maniatis, P., Ratnasamy, S.: Not-a-Bot (NAB): Improving Service Availability in the Face of Botnet Attacks. In: NSDI 2009 Proceedings of the 6th USENIX Symposium on Networked Systems Design and Implementation. USENIX Association, Berkeley (2009)
Hu, J.: Host-Based Anomaly Intrusion Detection. In: Handbook of Information and Communication Security, pp. 235–255. Springer, Heidelberg (2010)
Jin, H., Xiang, G., Zou, D., Zhao, F., Li, M., Yu, C.: A guest-transparent file integrity monitoring method in virtualization environment. Computers & Mathematics with Applications 60(2), 256–266 (2010)
Kaczmarek, J., Wróbel, M.: Modern Approaches to File System Integrity Checking. In: 1st International Conference on Information Technology, pp. 1–4 (May 2008)
Khurana, S.S., Bansal, D., Sofat, S.: Recovery Based Architecture to Protect Hids Log Files using Time Stamps. Journal of Emerging Technologies in Web Intelligence 2(2), 110–114 (2010)
Kolbitsch, C., Comparetti, P.M., Kruegel, C., Kirda, E., Zhou, X., Wang, X.: Effective and Efficient Malware Detection at the End Host. In: SSYM 2009 Proceedings of the 18th Conference on USENIX Security Symposium. USENIX Association, Berkeley (2009)
Kwon, J., Lee, J., Lee, H.: Hidden Bot Detection by Tracing Non-human Generated Traffic at the Zombie Host. In: Bao, F., Weng, J. (eds.) ISPEC 2011. LNCS, vol. 6672, pp. 343–361. Springer, Heidelberg (2011)
Kwon, M., Jeong, K., Lee, H.: PROBE: A Process Behavior-Based Host Intrusion Prevention System. In: Chen, L., Mu, Y., Susilo, W. (eds.) ISPEC 2008. LNCS, vol. 4991, pp. 203–217. Springer, Heidelberg (2008)
Laureano, M., Maziero, C., Jamhour, E.: Protecting host-based intrusion detectors through virtual machines. Computer Networks: The International Journal of Computer and Telecommunications Networking 51(5), 1275–1283 (2007)
Laurens, V., El Saddik, A., Dhar, P.: DDoSniffer: Detecting DDOS Attack at the Source Agents. International Journal of Advanced Media and Communication 3(3) (2009)
Molina, J., Cukier, M.: Evaluating Attack Resiliency for Host Intrusion Detection Systems. Journal of Information Assurance and Security 4, 1–9 (2009)
Oprea, A., Reiter, M.K.: Integrity Checking in Cryptographic File Systems with Constant Trusted Storage. In: SS 2007 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, pp. 183–198. USENIX Association, Berkeley (2007)
Ozyer, T., Alhajj, R., Barker, K.: Intrusion detection by integrating boosting genetic fuzzy classifier and data mining criteria for rule pre-screening. Journal of Network and Computer Applications - Special Issue: Network and Information Security: A Computational Intelligence Approach 30(1), 99–113 (2007)
Parno, B., Zhou, Z., Perrig, A.: Help Me Help You: Using Trustworthy Host-Based Information in the Network. Technical report (2009)
Patil, S., Kashyap, A., Sivathanu, G., Zadok, E.: I3FS: An In-Kernel Integrity Checker and Intrusion Detection File System. In: LISA 2004 Proceedings of the 18th USENIX Conference on System Administration, pp. 67–78. USENIX Association, Berkeley (2004)
Payne, B.D., Carbone, M., Sharif, M., Lee, W.: Lares: An Architecture for Secure Active Monitoring Using Virtualization. In: SP 2008 Proceedings of the 2008 IEEE Symposium on Security and Privacy, pp. 233–247 (May 2008)
Ptacek, T.H., Newsham, T.N.: Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection. Technical report (1998)
Quynh, N.A., Takefuji, Y.: A Novel Approach for a File-system Integrity Monitor Tool of Xen Virtual Machine. In: ASIACCS 2007 Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security. ACM, New York (2007)
Scarfone, K., Mell, P.: Guide to Intrusion Detection and Prevention Systems (IDPS). Technical report (2007)
Sivathanu, G., Wright, C.P., Zadok, E.: Ensuring Data Integrity in Storage: Techniques and Applications. In: StorageSS 2005 Proceedings of the 2005 ACM Workshop on Storage Security and Survivability, pp. 26–36. ACM, New York (2005)
Srivastava, A., Giffin, J.: Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol. 5230, pp. 39–58. Springer, Heidelberg (2008)
Kola Sujatha, P., Kannan, A., Ragunath, S., Sindhu Bargavi, K., Githanjali, S.: A Behavior Based Approach to Host-Level Intrusion Detection Using Self-Organizing Maps. In: ICETET 2008 Proceedings of the 2008 First International Conference on Emerging Trends in Engineering and Technology, pp. 1267–1271. IEEE Computer Society, Washington, DC (2008)
Takemori, K., Fujinaga, M., Sayama, T., Nishigaki, M.: Host-based traceback; tracking bot and C&C server. In: ICUIMC 2009 Proceedings of the 3rd International Conference on Ubiquitous Information Management and Communication. ACM, New York (2009)
Takemori, K., Nishigaki, M., Tomohiro, T., Yutaka, M.: Detection of Bot Infected PCs Using Destination-based IP and Domain Whitelists during a Non-operating Term. In: GLOBECOM 2008 Proceedings of the Global Communications Conference, pp. 2072–2077. IEEE Computer Society, Washington, DC (2008)
Xiong, H., Malhotra, P., Stefan, D., Wu, C., Yao, D.: User-Assisted Host-Based Detection of Outbound Malware Traffic. In: Qing, S., Mitchell, C.J., Wang, G. (eds.) ICICS 2009. LNCS, vol. 5927, pp. 293–307. Springer, Heidelberg (2009)
Zhou, C.V., Leckie, C., Karunasekera, S.: A survey of coordinated attacks and collaborative intrusion detection. Computers & Security 29(1), 124–140 (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bukac, V., Tucek, P., Deutsch, M. (2012). Advances and Challenges in Standalone Host-Based Intrusion Detection Systems. In: Fischer-Hübner, S., Katsikas, S., Quirchmayr, G. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2012. Lecture Notes in Computer Science, vol 7449. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32287-7_9
Download citation
DOI: https://doi.org/10.1007/978-3-642-32287-7_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32286-0
Online ISBN: 978-3-642-32287-7
eBook Packages: Computer ScienceComputer Science (R0)