The Center for Education and Research in Information Assurance and Security (CERIAS)

Using embedded sensors for detecting network attacks

Author

Florian Kerschbaum and Eugene H. Spafford and Diego Zamboni

Tech report number

CERIAS TR 2000-25

Entry type

inproceedings

Abstract

Embedded sensors for intrusion detection consist of code added to the operating system and the programs of the hosts where monitoring will take place. The sensors check for specific conditions that indicate an attack is taking place, or an intrusion has occurred. Embedded sensors have advantages over other data collection techniques (usually implemented as separate processes) in terms of reduced host impact, resistance to attack, efficiency and effectiveness of detection. We describe the use of embedded sensors in general, and their application to the detection of specific network-based attacks. The sensors were implemented in the OpenBSD operating system, and our tests show a 100% success rate in the detection of the attacks for which sensors were instrumented. We discuss the sensors implemented and the results obtained, as well as current and future work in the area.

Date

2000 – November

Booktitle

Proceedings of the 1st ACM Workshop on Intrusion Detection Systems

Editor

Deborah Frincke and Dimitris Gritzalis

Key alpha

kerschbaum00:network-embedded-sensors

Organization

ACM SIGSAC

Publication Date

1900-01-01
