IDEA

A new intrusion detection data source

William Mahoney, William Sousan

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

2 Citations (Scopus)

Abstract

In the context of computer systems, an intrusion is generally considered to be a harmful endeavor to prevent others from legitimate use of that system, to obtain data which is not normally available to the intruder, or to plant data or disrupt data already existent on the machines. Traditionally, intrusion detection has relied on two data sources: various log files which record users' activity, and network traffic which contains potential threats. This research presents a system which we call IDEA, the Intrusion DEtection Automata system. We utilize a third source of data for intrusion detection in the form of an instrumented process. Open source software is recompiled using a modified compiler we have created, and the resulting executable program generates the data as it runs. An external monitoring facility then checks the behavior of the program against known good execution paths. These paths are specified either using a domain-specific language and hand-written rules, or by running the software in a learning mode and capturing the normal behavior for later comparison.

Original language: English (US)
Title of host publication: Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008
Pages: 15-19
Number of pages: 5
DOIs: https://doi.org/10.1109/ISA.2008.32
State: Published - Sep 15 2008
Event: 2nd International Conference on Information Security and Assurance, ISA 2008 - Busan, Korea, Republic of
Duration: Apr 24 2008 to Apr 26 2008

Publication series

Name: Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008

Conference

Conference: 2nd International Conference on Information Security and Assurance, ISA 2008
Country: Korea, Republic of
City: Busan
Period: 4/24/08 to 4/26/08

Fingerprint

Intrusion detection
Computer systems
Monitoring
Data sources
threat
monitoring
language
learning

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems and Management
  • Electrical and Electronic Engineering
  • Communication

Cite this

Mahoney, W., & Sousan, W. (2008). IDEA: A new intrusion detection data source. In Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008 (pp. 15-19). [4511526] (Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008). https://doi.org/10.1109/ISA.2008.32

@inproceedings{18f19e142c944836924fbdc4e554e2f1,
title = "IDEA: A new intrusion detection data source",
abstract = "In the context of computer systems, an intrusion is generally considered to be a harmful endeavor to prevent others from legitimate use of that system, to obtain data which is not normally available to the intruder, or to plant data or disrupt data already existent on the machines. Traditionally, intrusion detection has relied on two data sources: various log files which record users' activity, and network traffic which contains potential threats. This research presents a system which we call IDEA, the Intrusion DEtection Automata system. We utilize a third source of data for intrusion detection in the form of an instrumented process. Open source software is recompiled using a modified compiler we have created, and the resulting executable program generates the data as it runs. An external monitoring facility then checks the behavior of the program against known good execution paths. These paths are specified either using a domain-specific language and hand-written rules, or by running the software in a learning mode and capturing the normal behavior for later comparison.",
author = "William Mahoney and William Sousan",
year = "2008",
month = "9",
day = "15",
doi = "10.1109/ISA.2008.32",
language = "English (US)",
isbn = "9780769531267",
series = "Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008",
pages = "15--19",
booktitle = "Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008",

}

TY - GEN

T1 - IDEA

T2 - A new intrusion detection data source

AU - Mahoney, William

AU - Sousan, William

PY - 2008/9/15

Y1 - 2008/9/15

AB - In the context of computer systems, an intrusion is generally considered to be a harmful endeavor to prevent others from legitimate use of that system, to obtain data which is not normally available to the intruder, or to plant data or disrupt data already existent on the machines. Traditionally, intrusion detection has relied on two data sources: various log files which record users' activity, and network traffic which contains potential threats. This research presents a system which we call IDEA, the Intrusion DEtection Automata system. We utilize a third source of data for intrusion detection in the form of an instrumented process. Open source software is recompiled using a modified compiler we have created, and the resulting executable program generates the data as it runs. An external monitoring facility then checks the behavior of the program against known good execution paths. These paths are specified either using a domain-specific language and hand-written rules, or by running the software in a learning mode and capturing the normal behavior for later comparison.

UR - http://www.scopus.com/inward/record.url?scp=51349162115&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=51349162115&partnerID=8YFLogxK

U2 - 10.1109/ISA.2008.32

DO - 10.1109/ISA.2008.32

M3 - Conference contribution

SN - 9780769531267

T3 - Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008

SP - 15

EP - 19

BT - Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008

ER -