Towards Profiling Program Instances in Host-Based Intrusion Detection Systems by Recognizing Software Update Patterns
Article No.: 21, Pages 1 - 4
Abstract
Host intrusion detection systems are used to analyze internal events on host machines and detect behavioral patterns that differ from normal operation of the system and its processes. One important aspect in observing the behavior of processes are the application updates that may change the behavior of an application but also potentially help to build a profile for the application when observing its update patterns. In this study, we observe update frequencies and patterns of a set of applications on 100 machines during an analysis period of 100 days. Our preliminary results indicate that it is possible to detect clear software update patterns that can be used for profiling processes.
References
[1]
Omar Al-Jarrah and Ahmad Arafat. 2014. Network Intrusion Detection System using attack behavior classification. In 5th International Conference on Information and Communication Systems (ICICS), 2014. IEEE, 1--6.
[2]
H. Alanazi, R. Noor, B. Zaidan, and A. Zaidan. 2010. Intrusion detection system: overview. arXiv preprint arXiv:1002.4047 (2010).
[3]
J. Hu, X. Yu, D. Qiu, and H. H. Chen. 2009. A simple and efficient hidden Markov model scheme for host-based anomaly intrusion detection. IEEE Network 23, 1 (2009), 42--47.
[4]
Richard A Kemmerer and Giovanni Vigna. 2002. Intrusion detection: a brief history and overview. Computer 35, 4 (2002), supl27--supl30.
[5]
Microsoft. 2018. Deploy updates using Windows Update for Business. https://docs.microsoft.com/en-us/windows/deployment/update/waas-manage-updates-wufb. (2018).
Index Terms
- Towards Profiling Program Instances in Host-Based Intrusion Detection Systems by Recognizing Software Update Patterns
Recommendations
Host-Based Intrusion Detection System with System Calls: Review and Future Trends
In a contemporary data center, Linux applications often generate a large quantity of real-time system call traces, which are not suitable for traditional host-based intrusion detection systems deployed on every single host. Training data mining models ...
Rule generalisation in intrusion detection systems using SNORT
Intrusion Detection Systems (IDSs) provide an important layer of security for computer systems and networks. An IDS's responsibility is to detect suspicious or unacceptable system and network activity and to alert a systems administrator to this ...
The Design and Implementation of Host-Based Intrusion Detection System
IITSI '10: Proceedings of the 2010 Third International Symposium on Intelligent Information Technology and Security InformaticsIntrusion detection is the process of identifying and responding to suspicious activities targeted at computing and communication resources, and it has become the mainstream of information assurance as the dramatic increase in the number of attacks. ...
Comments
Information & Contributors
Information
Published In
September 2018
148 pages
ISBN:9781450366083
DOI:10.1145/3264437
- Conference Chairs:
- Pete Burnap,
- Atilla Elçi,
- Omer Rana,
- Program Chairs:
- Philipp Reinecke,
- Naghmeh Moradpoor,
- George Theodorakopoulos,
- Koray Karabina
Copyright © 2018 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
In-Cooperation
- Cardiff University: Cardiff University
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 10 September 2018
Check for updates
Author Tags
Qualifiers
- Short-paper
- Research
- Refereed limited
Conference
SIN '18
SIN '18: 11th International Conference On Security Of Information and Networks
September 10 - 12, 2018
Cardiff, United Kingdom
Acceptance Rates
SIN '18 Paper Acceptance Rate 24 of 42 submissions, 57%;
Overall Acceptance Rate 102 of 289 submissions, 35%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 64Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 08 Mar 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in