The UNIX and Linux Forums  

#6
04-09-2009
Neo, Forum Staff (Administrator)
Join Date: Sep 2000
Location: Asia Pacific
Posts: 6,823
Quote:
Originally Posted by aravind007
> Can you give me code for host-based intrusion detection using system call introspection...
Before you can define a host-based intrusion detection system using system call introspection, you must specify your operating system, your application, and the APIs into your system that would interface with an IDS.

What is your platform, your application and APIs?

----
Note: Refer to the attached paper on BlueBox, a host-based IDS research project that uses Linux kernel modifications for system call introspection. One of the main issues with system call introspection is, generally speaking, the requirement to modify the kernel so system calls can be inspected.

Also note: The attached paper describes a rule-based approach for system call introspection. A rule-based approach alone, while this approach does have value, is inefficient and labor intensive. A machine-learning algorithm that crunches events from system call introspection APIs is required for more advanced, complex analysis.
Attached Files
File Type: pdf ids-paper-1.pdf (267.0 KB, 62 views)

Last edited by Neo; 04-09-2009 at 04:35 PM. Reason: added notes.
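To make the "rule-based approach" Neo mentions concrete, here is a small added example (not code from the thread, the BlueBox paper, or any real IDS): a per-program policy evaluated over a stream of system-call events. The event format, program names and policy contents are all assumptions; a real deployment would receive events from a kernel-side hook, which is the part that requires kernel modification.

```python
"""Rule-based check over a stream of system-call events (one HIDS building block)."""
from dataclasses import dataclass


@dataclass
class SyscallEvent:
    """One introspected system call. Assumed format, not BlueBox's or any kernel API's."""
    comm: str          # program name as the kernel sees it
    pid: int
    syscall: str       # e.g. "open", "execve", "accept"
    args: tuple = ()   # syscall arguments rendered as strings


@dataclass
class Rule:
    """Per-program profile: the syscalls it may make and the path prefixes it may open."""
    allowed: set
    open_prefixes: tuple = ("/etc/",)


# Hypothetical policy; every program needs its own hand-written profile, which is
# exactly the labor-intensive part of a purely rule-based approach.
POLICY = {
    "httpd": Rule(allowed={"read", "write", "open", "close", "accept", "stat"},
                  open_prefixes=("/var/www/", "/var/log/httpd/", "/etc/httpd/")),
    "sshd": Rule(allowed={"read", "write", "open", "close", "accept", "execve", "setuid"},
                 open_prefixes=("/etc/", "/var/log/")),
}


def check_event(ev: SyscallEvent):
    """Return an alert string if the event violates its program's profile, else None."""
    rule = POLICY.get(ev.comm)
    if rule is None:
        return f"pid {ev.pid}: no profile for '{ev.comm}' (default deny)"
    if ev.syscall not in rule.allowed:
        return f"pid {ev.pid}: '{ev.comm}' made syscall outside profile: {ev.syscall}{ev.args}"
    if ev.syscall == "open" and not ev.args[0].startswith(rule.open_prefixes):
        return f"pid {ev.pid}: '{ev.comm}' opened path outside profile: {ev.args[0]}"
    return None


def audit(events):
    """Run every event through the policy and collect the alerts in order."""
    return [alert for alert in map(check_event, events) if alert]


# Constructed sample stream, roughly what a kernel-side hook would report.
SAMPLE = [
    SyscallEvent("httpd", 1200, "accept"),
    SyscallEvent("httpd", 1200, "open", ("/var/www/html/index.html",)),
    SyscallEvent("httpd", 1200, "open", ("/etc/shadow",)),      # path outside profile
    SyscallEvent("httpd", 1200, "execve", ("/bin/sh",)),        # syscall outside profile
    SyscallEvent("sshd", 800, "execve", ("/usr/bin/login",)),   # allowed for sshd
    SyscallEvent("cron", 300, "open", ("/etc/crontab",)),       # no profile at all
]

if __name__ == "__main__":
    for alert in audit(SAMPLE):
        print(alert)
```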