Abstract
Embedded sensors for intrusion detection consist of code added to the
operating system and the programs of the hosts where monitoring will
take place. The
sensors check for specific conditions that indicate an attack is
taking place, or an intrusion has occurred. Embedded sensors have
advantages over other data collection techniques (usually implemented
as separate processes) in terms of reduced host impact, resistance to
attack, efficiency and effectiveness of detection. We describe the use
of embedded sensors in general, and their application to the detection
of specific network-based attacks. The sensors were implemented in the
OpenBSD operating system, and our tests show a 100% success rate in
the detection of the attacks for which sensors were instrumented. We
discuss the sensors implemented and the results obtained, as well as
current and future work in the area.