A Survey of Intrusion Detection Systems Leveraging Host Data

Abstract

This survey focuses on intrusion detection systems (IDS) that leverage host-based data sources for detecting attacks on an enterprise network. The host-based IDS (HIDS) literature is organized by the input data source, presenting targeted sub-surveys of HIDS research leveraging system logs, audit data, the Windows Registry, file systems, and program analysis. While system calls are generally included in audit data, several publicly available system call datasets have spawned a flurry of IDS research on this topic, which merits a separate section. To accommodate current researchers, a section describing publicly available datasets is included, outlining their characteristics and their shortcomings when used for IDS evaluation. Related surveys are organized and described. All sections are accompanied by tables concisely organizing the literature and datasets discussed. Finally, challenges, trends, and broader observations are noted throughout the survey and in the conclusion, along with future directions of IDS research. Overall, this survey was designed to allow easy access to the diverse types of data available on a host for sensing intrusion, the progression of research using each, and the accessible datasets for prototyping in the area.

Document Details

Document Type
Pub Defense Publication
Publication Date
Nov 14, 2019
Source ID
10.1145/3344382

Entities

People

  • Maria S. Vincent
  • Michael D. Iannacone
  • Qian Chen
  • Robert A. Bridges
  • Tarrah R. Glass-Vanderlan

Organizations

  • Intelligence Advanced Research Projects Activity
  • Oak Ridge National Laboratory
  • United States Department of Energy
  • University of Texas at Austin

Tags

Fields of Study

  • Computer science

Readers

  • Business Analytics
  • Cybersecurity
  • Database Systems and Applications