
Enhancing host security using external environment sensors

  • Special Issue Paper
  • International Journal of Information Security

Abstract

We propose a framework that uses (external) environment information to enhance computer security. The benefit of our framework is that the environment information is collected by sensors that are outside the control of a host and that communicate with an external monitor via an out-of-band channel (w.r.t. the host); thus it cannot be compromised by malware on the host system. The information gathered remains intact even if malware uses rootkit techniques to hide its activities. Our framework can be applied to a number of security applications: (1) intrusion detection; (2) rate monitoring/control of external resources; and (3) access control. We show that the framework is useful even with coarse-grained and simple information. We present some experimental prototypes that employ the framework to detect/control email spam, detect/control DDoS zombie attacks and detect misuse of compute resources. Experimental evaluation shows that the framework is effective in detecting or limiting the activities of such malware. The growing popularity of multimodal sensors and physical security information management systems suggests that such environmental sensors will become common, making our framework cost effective and feasible in the near future.
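As an added illustration (not the paper's code, and not its actual sensors or thresholds), the following Python sketch shows the kind of external monitor the abstract describes: it consumes readings that arrive out-of-band from environment sensors and a network tap, applies rate and user-presence policies for the three prototype cases (spam, DDoS zombie, compute misuse), and also flags intervals where the host's own self-reported counter disagrees with what the tap observed, which is exactly the rootkit-hiding case the out-of-band channel is meant to expose. Sensor names, thresholds and the sample readings are constructed assumptions.

```python
from collections import defaultdict

# Policy thresholds: constructed values for this example, not the paper's.
SMTP_IDLE_MAX = 5      # outbound SMTP connections tolerated per interval with no user present
PKT_RATE_MAX = 2000    # outbound packets per interval before the monitor rate-limits the host
POWER_IDLE_MAX = 60.0  # watts drawn while no user is present, taken as a sign of compute misuse


def analyze(readings):
    """Evaluate out-of-band sensor readings and return (interval, alert, action) decisions.

    readings: iterable of (interval, sensor, value). Assumed sensor names:
      presence  - 1 if an external sensor (e.g. camera/presence board) sees a user, else 0
      smtp_conn - outbound SMTP connections counted by an external network tap
      host_smtp - the same count as reported by the host itself (untrusted)
      pkts_out  - outbound packets counted by the tap
      power_w   - power draw measured by an external meter
    """
    per_interval = defaultdict(dict)
    for interval, sensor, value in readings:
        per_interval[interval][sensor] = value

    decisions = []
    for interval in sorted(per_interval):
        obs = per_interval[interval]
        present = obs.get("presence", 0) == 1
        smtp_tap = obs.get("smtp_conn", 0)
        smtp_host = obs.get("host_smtp", 0)
        pkts = obs.get("pkts_out", 0)
        power = obs.get("power_w", 0.0)

        # Spam zombie: mail leaves the host while nobody is at the keyboard.
        if not present and smtp_tap > SMTP_IDLE_MAX:
            decisions.append((interval, "spam_zombie", "block_smtp"))
        # Hidden activity: the tap saw far more mail than the host admits to.
        if smtp_tap - smtp_host > SMTP_IDLE_MAX:
            decisions.append((interval, "hidden_activity", "investigate"))
        # DDoS zombie: outbound packet rate exceeds policy; control the external resource.
        if pkts > PKT_RATE_MAX:
            decisions.append((interval, "ddos_zombie", "rate_limit"))
        # Compute misuse: heavy power draw with no user present.
        if not present and power > POWER_IDLE_MAX:
            decisions.append((interval, "compute_misuse", "notify"))
    return decisions


# Constructed sample readings covering one clean interval and two suspicious ones.
READINGS = [
    (1, "presence", 1), (1, "smtp_conn", 3), (1, "host_smtp", 3), (1, "pkts_out", 400), (1, "power_w", 55.0),
    (2, "presence", 0), (2, "smtp_conn", 40), (2, "host_smtp", 0), (2, "pkts_out", 300), (2, "power_w", 30.0),
    (3, "presence", 0), (3, "smtp_conn", 0), (3, "host_smtp", 0), (3, "pkts_out", 9000), (3, "power_w", 95.0),
]
```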




Correspondence to Ee-Chien Chang.


About this article

Cite this article

Chang, EC., Lu, L., Wu, Y. et al. Enhancing host security using external environment sensors. Int. J. Inf. Secur. 10, 285–299 (2011). https://doi.org/10.1007/s10207-011-0130-9
