This site’s design is only visible in a graphical browser that supports web standards, but its content is accessible to any browser or Internet device. (Why?)

CERIAS Home Page
Swoosh
Embedded Sensors Project (ESP)
 - - - - - - - - -

This project explores novel techniques for performing intrusion detection by using low-level components that are called internal sensors and embedded detectors.

Goal of the Project

To show that it is possible to build reliable, effective and efficient intrusion detection systems using low-level components built into the systems they are designed to monitor.

What are Sensors and Detectors?

An internal sensor is a piece of code built into a program that monitors a specific variable or condition of that program. The program in question could be the Unix kernel, a system utility, or a high-level application. By being built into the program that it is monitoring, an internal sensor can perform direct monitoring on the system, which allows it to obtain information that is reliable (very difficult to modify, either by accident or by a malicious attack) and near real-time (obtained almost at the moment it is generated). An embedded detector is a piece of code built into a program that looks for specific signs of specific attacks or intrusions. An embedded detector bases its decisions on an internal sensor, either explicitly (when the sensor is clearly differentiable from the detector) or implicitly (when the sensor is part of the detector, this is usually the case when the checks are very simple).

Research Papers and Documentation

The following documents describe the project and its concepts in much more detail.
  • Diego Zamboni.
    Using Internal Sensors for Computer Intrusion Detection (Postscript, PDF).
    Ph.D. Thesis, Purdue University, August 2001.
  • Florian Kerschbaum, Eugene H. Spafford, and Diego Zamboni.
    Using embedded sensors for detecting network attacks (Postscript, PDF).
    In Deborah Frincke and Dimitris Gritzalis, editors, Proceedings of the 1st ACM Workshop on Intrusion Detection Systems. ACM SIGSAC, November 2000.
  • Eugene H. Spafford and Diego Zamboni.
    Design and implementation issues for embedded sensors in intrusion detection (Postscript, PDF).
    Presented at the Third International Workshop on Recent Advances in Intrusion Detection (RAID2000), October 2000.
  • Diego Zamboni.
    Doing intrusion detection using embedded sensors -- thesis proposal (Postscript, PDF).
    CERIAS Technical Report 2000-21, CERIAS, Purdue University, West Lafayette, IN, October 2000.
  • Eugene Spafford and Diego Zamboni.
    Data collection mechanisms for intrusion detection systems (Postscript, PDF).
    CERIAS Technical Report 2000-08, CERIAS, Purdue University, 1315 Recitation Building, West Lafayette, IN, June 2000.
  • Florian Kerschbaum, Eugene H. Spafford, and Diego Zamboni.
    Embedded sensors and detectors for intrusion detection.
    Journal of Computer Security 10 (2002) 23–70
    IOS Press.

Project Posters and Handouts

These posters and handouts are used to provide information about our project at research symposia, meetings, and colloquia. The poster has an eye-catching graphic and brief information about the project. The handouts provide some additional details and references.
5th Annual Information Security Symposium (March 23-24, 2004)
Energizing the Enterprise: Cyber Security in Context
4th Annual CERIAS Research Symposium (April 8-9, 2003)
Cyber Security & Safety for the 21st Century
  • Poster [PDF]
  • Handout 1 [PDF]
  • Handout 2 [PDF]

Implementation Information

The initial research was completed as part of Diego Zamboni's Ph.D. work with valuable contributions from Jim Early and Florian Kerschbaum. The initial prototype was built using OpenBSD as the operating system platform.

We are in the process of porting the research prototype to FreeBSD, improving the ESP framework and logging/reporting mechanism, and implementing additional sensors and detectors. The implementation will be freely available once it is in a more complete stage.

Current Members of the Project Group

  • Eugene Spafford, Executive Director CERIAS.
  • Keith Watson, research engineer.
  • Mahesh Babu, undergraduate student.
  • Sarika Agarwal, graduate student.
  • Tae Hoon Kim, undergraduate student.
  • Chris Kois, undergraduate student.
  • Ali Kumcu, graduate student.

Former Members of the Project Group

  • Dan Aiello, graduate student (graduated May 2003).
  • Mike Dulaney, undergraduate student.
  • Jim Early, graduate student.
  • Erin Johnson, undergraduate student.
  • Florian Kerschbaum, graduate student.
  • Blake Matheny, undergraduate student.
  • Scott Tengalia, undergraduate student (graduated May 2003).
  • Diego Zamboni, graduate student (graduated August 2001).

Internal Project Documentation