
Intrusion detection and virology: an analysis of differences, similarities and complementariness

  • Extended version of WTCV'06
  • Published in: Journal in Computer Virology

Abstract

In this paper, we analyze the differences, similarities and complementariness that exist between two major domains of today's information security: intrusion detection on one hand, virology and anti-virus technologies on the other. This analysis is built from two points of view. First, we compare, through the definitions proposed by researchers of the two communities, the goals actually pursued in each domain. Then, we compare the techniques that have been developed to reach these goals. In the conclusion, we summarize our analysis and suggest that alert correlation is one way to make the two fields cooperate.




Correspondence to Benjamin Morin.


Morin, B., Mé, L. Intrusion detection and virology: an analysis of differences, similarities and complementariness. J Comput Virol 3, 39–49 (2007). https://doi.org/10.1007/s11416-007-0036-2
