NetHost-sensor: Monitoring a target host's application via system calls

Abimbola, A., Munoz, J., Buchanan, W. (2006). NetHost-sensor: Monitoring a target host's application via system calls. Information Security Tech. Report, 11(4), 166-175.

ISSN: 1363-4127

Abstract

Intrusion detection has emerged as an important approach to network, host and application security. Network security includes analysing network packet payload and other inert network packet profiles for intrusive trends, whereas host security may employ system logs for intrusion detection. In this paper, we contribute to the research community by tackling application security and attempt to detect intrusion via differentiating normal and abnormal application behaviour. A method for anomaly intrusion detection for applications is proposed based on deterministic system call traces derived from a monitored target application's dynamic link libraries (DLLs). We isolate associated DLLs of a monitored target application, log system call traces of the application in real time and use a heuristic method to detect intrusion before the application is fully compromised. Our investigative research experiment methodology and set-up are reported, alongside our experimental procedure and results that show our research effort is effective and efficient, and can be used in practice to monitor a target application in real time.

Authors

William Buchanan
Director of CDCS
w.buchanan@napier.ac.uk
+44 131 455 2759

Areas of Expertise

Cyber-Security
Electronic information now plays a vital role in almost every aspect of our daily lives, so the need for a secure and trustworthy online infrastructure is more important than ever. Without it, not only the growth of the internet but our personal interactions and the economy itself could be at risk.

Associated Projects