A Host-based Intrusion Detection System using architectural features to improve sophisticated denialof-service attack detections

Authors

Ran Tao, Louisiana State University
Li Yang, University of Tennessee at Chattanooga
Lu Peng, Louisiana State University
Bin Li, Louisiana State University

Document Type

Article

Publication Date

1-1-2010

Abstract

Application features like port numbers are used by Network-based Intrusion Detection Systems (NIDSs) to detect attacks coming from networks. System calls and the operating system related information are used by Host-based Intrusion Detection Systems (HIDSs) to detect intrusions toward a host. However, the relationship between hardware architecture events and Denial-of-Service (DoS) attacks has not been well revealed. When increasingly sophisticated intrusions emerge, some attacks are able to bypass both the application and the operating system level feature monitors. Therefore, a more effective solution is required to enhance existing HIDSs. In this article, the authors identify the following hardware architecture features: Instruction Count, Cache Miss, Bus Traffic and integrate them into a HIDS framework based on a modern statistical Gradient Boosting Trees model. Through the integration of application, operating system and architecture level features, the proposed HIDS demonstrates a significant improvement of the detection rate in terms of sophisticated DoS intrusions. Copyright © 2010, IGI Global.

Publication Source (Journal or Book title)

International Journal of Information Security and Privacy

First Page

18

Last Page

31

Recommended Citation

Tao, R., Yang, L., Peng, L., & Li, B. (2010). A Host-based Intrusion Detection System using architectural features to improve sophisticated denialof-service attack detections. International Journal of Information Security and Privacy, 4 (1), 18-31. https://doi.org/10.4018/jisp.2010010102