B 2004

Intrusion detection system based on process behavior rating

PLUSKAL, Tomáš

Základní údaje

Originální název

Intrusion detection system based on process behavior rating

Autoři

PLUSKAL, Tomáš

Vydání

50 s. 2004

Další údaje

Typ výsledku

Odborná kniha

Utajení

není předmětem státního či obchodního tajemství

Odkazy

URL
Změněno: 26. 10. 2004 16:48, Mgr. Tomáš Pluskal

Anotace

V originále

The goal of the work is to implement a kernel module for the FreeBSD operating system, performing a defined set of tests on every running process in the OS and rating results of these tests according to whether they correspond to a common benign process or to a process performing a dangerous or suspicious activity. An occurence of a process with a score exceeding a predefined threshold will be reported as a potential intrusion. Part of the work is to prepare a basic set of tests analyzing instantaneous properties of a process as well as its behaviour and unexpected changes in this behaviour in particular, and to determine suitable parameters used to rate results of these tests. The implemented tests focus on 3 types of common security problems: buffer overflow, symlink attack and denial of service. Parameter assignment is realized using a genetic algorithm. At the end, a possible future approach to developping such a detection system is proposed.
Zobrazeno: 17. 11. 2024 03:18