Intrusion Detection - System Call Introspection
Post 302305713 by Neo on Thursday 9th of April 2009 02:30:46 PM
Quote:
Originally Posted by aravind007
Can you give me code for host-based intrusion detection using system call introspection...
Before you can define a host-based intrusion detection system using system call introspection, you must specify your operating system, your application, and the APIs into your system that would interface with an IDS.

What is your platform, your application and APIs?

----
Note: Refer to the attached paper on BlueBox, a host-based IDS research project that uses Linux kernel modifications for system call introspection. One of the main issues with system call introspection is, generally speaking, the requirement to modify the kernel so system calls can be inspected.

Also note: The attached paper describes a rule-based approach for system call introspection. A rule-based approach alone, while it does have value, is inefficient and labor-intensive. A machine-learning algorithm that crunches events from system call introspection APIs is required for more advanced, complex analysis.

Last edited by Neo; 04-09-2009 at 04:35 PM.. Reason: added notes.
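The two layers Neo contrasts above (a rule-based signature check and an algorithm that learns from the syscall event stream) can be shown side by side on a trace of system call names. The following is an added example, not code from the post or from the BlueBox paper. It uses the classic sliding-window (n-gram) profile of Forrest and Hofmeyr rather than the BlueBox rule engine, and the traces are constructed by hand; in practice they would come from strace/ptrace, the Linux audit subsystem, or an in-kernel hook, which is the collection problem Neo's note refers to. The syscall names, window size, rule patterns and alert threshold are all assumptions chosen for illustration.

```python
"""
Toy host-based IDS over system-call traces, in two layers:
  1. rule-based: explicit ordered signatures over the call stream
  2. anomaly-based: sliding-window (n-gram) profile of normal behaviour
All traces below are constructed sample input, not real captures.
"""
from typing import Iterable, List, Set, Tuple

Window = Tuple[str, ...]

# Constructed training traces: syscall names as a static-file web worker
# might issue them while serving requests (assumption, not a real trace).
NORMAL_TRACES = [
    ["accept", "read", "open", "fstat", "mmap", "write", "close", "munmap", "close"],
    ["accept", "read", "open", "fstat", "read", "write", "close", "close"],
    ["accept", "read", "stat", "open", "fstat", "mmap", "write", "munmap", "close", "close"],
    ["accept", "read", "write", "close"],
]

# Constructed attack trace: the same worker after code injection,
# spawning a shell that then reads and writes a file.
ATTACK_TRACE = ["accept", "read", "open", "fstat", "mmap", "fork", "execve",
                "open", "read", "write", "close", "exit"]

WINDOW = 3  # sliding-window length k (assumed; 6-10 is typical in the literature)


def ngrams(trace: Iterable[str], k: int = WINDOW) -> List[Window]:
    """All length-k contiguous windows of a trace, in order."""
    t = list(trace)
    return [tuple(t[i:i + k]) for i in range(len(t) - k + 1)]


def build_profile(traces: Iterable[Iterable[str]], k: int = WINDOW) -> Set[Window]:
    """Normal profile: the set of every k-window observed during training."""
    profile: Set[Window] = set()
    for tr in traces:
        profile.update(ngrams(tr, k))
    return profile


def anomaly_score(trace: Iterable[str], profile: Set[Window],
                  k: int = WINDOW) -> Tuple[float, List[Window]]:
    """Fraction of the trace's windows missing from the profile, plus the misses."""
    windows = ngrams(trace, k)
    if not windows:
        return 0.0, []
    misses = [w for w in windows if w not in profile]
    return len(misses) / len(windows), misses


# Rule-based layer: each signature is an ordered (not necessarily contiguous)
# subsequence of calls that this worker should never issue. Assumed rules.
RULES = {
    "shell-spawn": ("fork", "execve"),
    "exec-then-file-access": ("execve", "open"),
}


def matches_rule(trace: Iterable[str], pattern: Tuple[str, ...]) -> bool:
    """True if pattern occurs as an ordered subsequence of trace."""
    it = iter(trace)  # any() advances the shared iterator, so order is enforced
    return all(any(call == want for call in it) for want in pattern)


def rule_hits(trace: Iterable[str]) -> List[str]:
    trace = list(trace)
    return [name for name, pat in RULES.items() if matches_rule(trace, pat)]


def classify(trace: Iterable[str], profile: Set[Window], threshold: float = 0.2) -> dict:
    """Alert if any rule fires or the novelty rate reaches the threshold."""
    trace = list(trace)
    score, _ = anomaly_score(trace, profile)
    hits = rule_hits(trace)
    return {"rule_hits": hits, "anomaly_score": round(score, 3),
            "alert": bool(hits) or score >= threshold}


if __name__ == "__main__":
    prof = build_profile(NORMAL_TRACES)
    for t in NORMAL_TRACES:
        print("normal", classify(t, prof))
    print("attack", classify(ATTACK_TRACE, prof))
```

The rule layer catches the fork/execve pair outright, while the profile layer flags the attack trace because 6 of its 10 windows were never seen in training. The usual caveat applies: a benign trace containing a call the profile never saw (an lseek between fstat and read, say) also scores above the threshold, which is the false-positive cost that motivates training on representative workloads and tuning k and the threshold per application.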
 

mdbus2(1)                    General Commands Manual                    mdbus2(1)

NAME
       mdbus2 - Mickey's DBus introspection and interaction utility

SYNOPSIS
       mdbus2 [OPTIONS...] [ busname [ objectpath [ method [ params... ] ] ] ]

DESCRIPTION
       The mdbus2 command is used to explore and interact with DBus services on
       your system bus and session bus. Called without any parameters, it will
       show the available services on the selected bus. Given a service name,
       it will show the available objects exported by the service. Given a
       service name and an object path, it will show the exposed methods,
       signals, and properties of that object.

       There are two well-known message buses: the systemwide message bus
       (installed on many systems as the "messagebus" service) and the
       per-user-login-session message bus (started each time a user logs in).
       The --system option directs mdbus2 to operate on the system bus rather
       than the session bus.

       mdbus2 has three modes: the introspection mode, the listening mode (-l),
       and the interactive mode (-i). The interactive mode features readline
       command completion and history.

       The message bus configuration may keep mdbus2 from seeing all messages,
       especially if you run it as a non-root user.

OPTIONS
       --show-anonymous
              Include unique DBus names (:1.xyz) in the output.

       --show-pids
              Include PIDs in the output. (Only valid in introspection mode)

       --listen
              Start in listening mode.

       --system
              Use the system bus rather than the session bus.

       --interactive
              Start in interactive mode.

EXAMPLE
       Here is an example of using mdbus2 to listen to all signals on the
       session bus.

              mdbus2 -s -l

AUTHOR
       mdbus2 was written by Michael 'Mickey' Lauer.

BUGS
       Please send bug reports to the freesmartphone.org issue tracker, see
       http://trac.freesmartphone.org

                                                                       mdbus2(1)
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.