A Host-Based Intrusion Detection System Using Architectural Features to Improve Sophisticated Denial-of-Service Attack Detections

Ran Tao, Li Yang, Lu Peng, Bin Li
Copyright: © 2010 | Volume: 4 | Issue: 1 | Pages: 14
ISSN: 1930-1650 | EISSN: 1930-1669 | EISBN13: 9781616929329 | DOI: 10.4018/jisp.2010010102

MLA

Tao, Ran, et al. "A Host-Based Intrusion Detection System Using Architectural Features to Improve Sophisticated Denial-of-Service Attack Detections." IJISP vol.4, no.1 2010: pp.18-31. http://doi.org/10.4018/jisp.2010010102

APA

Tao, R., Yang, L., Peng, L., & Li, B. (2010). A Host-Based Intrusion Detection System Using Architectural Features to Improve Sophisticated Denial-of-Service Attack Detections. International Journal of Information Security and Privacy (IJISP), 4(1), 18-31. http://doi.org/10.4018/jisp.2010010102

Chicago

Tao, Ran, et al. "A Host-Based Intrusion Detection System Using Architectural Features to Improve Sophisticated Denial-of-Service Attack Detections," International Journal of Information Security and Privacy (IJISP) 4, no.1: 18-31. http://doi.org/10.4018/jisp.2010010102

Abstract

Application features like port numbers are used by Network-based Intrusion Detection Systems (NIDSs) to detect attacks coming from networks. System calls and operating-system-related information are used by Host-based Intrusion Detection Systems (HIDSs) to detect intrusions toward a host. However, the relationship between hardware architecture events and Denial-of-Service (DoS) attacks has not been well explored. As increasingly sophisticated intrusions emerge, some attacks are able to bypass both the application-level and the operating-system-level feature monitors. Therefore, a more effective solution is required to enhance existing HIDSs. In this article, the authors identify the following hardware architecture features: Instruction Count, Cache Miss, and Bus Traffic, and integrate them into a HIDS framework based on a modern statistical Gradient Boosting Trees model. Through the integration of application, operating system and architecture level features, the proposed HIDS demonstrates a significant improvement in the detection rate for sophisticated DoS intrusions.
