Server Level Analysis of Network Operation Utilizing System Call Data

Abstract

Malware can be detected by detecting its self-replication activity. A database of self-replication patterns in the system call domain, such as system call traces of the propagation engines of computer worms, was established. Procedures for extracting these patterns, dispersed within a voluminous system call sequence, have been developed on the basis of Colored Petri nets. A host-based IDS utilizing this approach for detecting not only known but also new, previously unknown malicious programs has been implemented and tested. Host-based system call IDS can produce false alarms and do not reveal the "big picture" that is important in the case of a distributed attack. Server-level aggregation and analysis of host-level IDS data can address these problems. A technology for monitoring and preprocessing system calls at the host level, reporting the resultant information to the server, and analyzing the collected information at the server level has been developed. This technology, resulting in the early detection/mitigation of information attacks, has been successfully implemented and tested on the computer network testbed.
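The two-level scheme the abstract describes, illustrated as an added example that is not code from the report: a host-level matcher pulls a self-replication pattern out of a system call sequence in which the pattern's steps are interleaved with unrelated calls (a partial match is a token that carries bound values such as file descriptors, the "colors" of a Colored Petri net, and waits until the next transition can fire), the host forwards only compact match records, and the server aggregates records from several hosts to separate a single local finding from a distributed event. The event format, the four-step pattern, the traces and the two-host threshold are all constructed for illustration and are not the report's pattern database or reporting protocol.

```python
"""Host-level extraction of a dispersed self-replication pattern from a syscall
trace, plus server-level aggregation of host reports.  Added illustration; the
pattern, event format, traces and threshold are constructed, not the report's."""
from collections import defaultdict

# Constructed event format: one syscall per dict, with the process image path
# included because the host monitor knows which executable made the call.
def ev(pid, exe, name, **args):
    return {"pid": pid, "exe": exe, "name": name, "args": args}

# Constructed pattern: a process opens its own image for reading, reads it,
# creates a different file, and writes to it.  Each step is a transition:
# (syscall name, guard(args, bindings, exe) -> bool, values to bind on firing).
PATTERN = [
    ("open",  lambda a, b, exe: a.get("path") == exe and a.get("mode") == "r",
              {"src_fd": "ret"}),
    ("read",  lambda a, b, exe: a.get("fd") == b["src_fd"], {}),
    ("open",  lambda a, b, exe: a.get("mode") == "w" and a.get("path") != exe,
              {"dst_fd": "ret", "dst": "path"}),
    ("write", lambda a, b, exe: a.get("fd") == b["dst_fd"], {}),
]

def extract_matches(trace, pattern=PATTERN):
    """Return completed matches as (pid, bindings).  Tokens are kept per process;
    a token advances only when its next transition's guard holds, so unrelated
    calls in between are simply skipped rather than breaking the match."""
    tokens = defaultdict(list)          # pid -> [(next_step, bindings)]
    matches = []
    for e in trace:
        pid, args, exe = e["pid"], e["args"], e["exe"]
        kept = []
        for step, binds in tokens[pid]:
            name, guard, capture = pattern[step]
            if e["name"] == name and guard(args, binds, exe):
                nb = {**binds, **{k: args[v] for k, v in capture.items()}}
                if step + 1 == len(pattern):
                    matches.append((pid, nb))   # final transition consumes the token
                else:
                    kept.append((step + 1, nb))
            else:
                kept.append((step, binds))      # token waits for its transition
        name, guard, capture = pattern[0]        # a fresh token starts on step 0
        if e["name"] == name and guard(args, {}, exe):
            kept.append((1, {k: args[v] for k, v in capture.items()}))
        tokens[pid] = kept
    return matches

def host_report(host, trace):
    """Host-level preprocessing: only compact match records leave the host."""
    return [{"host": host, "pid": pid, "pattern": "self_replication", "dst": b["dst"]}
            for pid, b in extract_matches(trace)]

def server_analyze(reports, min_hosts=2):
    """Server-level aggregation: a pattern reported by min_hosts or more distinct
    hosts is a distributed event; a single host's match stays a local finding."""
    hosts = defaultdict(set)
    for r in reports:
        hosts[r["pattern"]].add(r["host"])
    return {p: ("distributed" if len(h) >= min_hosts else "local") for p, h in hosts.items()}

# Constructed traces.  Host A: pid 100 replicates with benign calls interleaved;
# pid 200 is an ordinary file copy that never reads its own image, so no match.
TRACE_A = [
    ev(100, "/tmp/w", "open", path="/etc/hosts", mode="r", ret=3),
    ev(100, "/tmp/w", "open", path="/tmp/w", mode="r", ret=4),
    ev(100, "/tmp/w", "read", fd=3),
    ev(100, "/tmp/w", "read", fd=4),
    ev(100, "/tmp/w", "open", path="/tmp/w2", mode="w", ret=5),
    ev(100, "/tmp/w", "write", fd=5),
    ev(200, "/bin/cp", "open", path="/etc/hosts", mode="r", ret=3),
    ev(200, "/bin/cp", "open", path="/tmp/hosts.bak", mode="w", ret=4),
    ev(200, "/bin/cp", "read", fd=3),
    ev(200, "/bin/cp", "write", fd=4),
]
TRACE_B = [
    ev(300, "/tmp/w", "open", path="/tmp/w", mode="r", ret=3),
    ev(300, "/tmp/w", "read", fd=3),
    ev(300, "/tmp/w", "open", path="/tmp/w3", mode="w", ret=4),
    ev(300, "/tmp/w", "write", fd=4),
]

if __name__ == "__main__":
    reports = host_report("hostA", TRACE_A) + host_report("hostB", TRACE_B)
    print(reports)
    print(server_analyze(reports))
```

The guards are where the data dependencies live: the `read` must use the descriptor returned by the `open` of the process's own image, and the `write` must use the descriptor of the newly created file, which is what keeps the ordinary `cp` in trace A from matching even though it issues the same four syscall names in a similar order.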

Document Details

Document Type
Technical Report
Publication Date
Sep 25, 2010
Accession Number
ADA563686

Entities

People

  • Victor A. Skormin

Organizations

  • Binghamton University

Tags

Communities of Interest

  • Cyber
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Computational Science
  • Computer Network Security
  • Computer Program Reliability
  • Computer Programming
  • Computer Programs
  • Computers
  • Databases
  • Detection
  • Detectors
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Malware
  • Operating Systems
  • Petri Nets
  • Probabilistic Models
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Computer Vision
  • Cybersecurity

Technology Areas

  • Cyber