Advances and Challenges in Standalone Host-Based Intrusion Detection Systems

Recently, significant research effort has been devoted to the development of network-based, hybrid and collaborative intrusion detection systems, while standalone host-based intrusion detection systems (HIDSs) have been outside the main focus of security researchers. The importance of standalone HIDSs is nonetheless still considerable: they are a suitable alternative when we need to secure laptops that move between networks, computers connected to untrusted networks, or mobile devices communicating over wireless networks. This survey presents recent advances in standalone HIDSs, along with current research trends. We discuss the detection of intrusions through host network traffic analysis, process behavior monitoring and file integrity checking. A separate chapter is devoted to the protection of the HIDS itself against tampering.
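Two of the survey's themes, file integrity checking and protecting the HIDS's own data against tampering, can be illustrated together. The following is an added example written for this page; it is not code from the survey or from any system it reviews. It builds a baseline of SHA-256 digests, sizes and permission bits for every regular file under a directory, seals the serialized baseline with an HMAC so that an attacker who can edit the baseline file cannot substitute a "clean" one, and then reports modified, added and deleted files on a later check. The key handling is a stated assumption: `DEMO_KEY` is a constructed placeholder, and a real deployment would keep the key where a compromised host cannot reach it (for example on a separate verification host or in hardware-backed storage).

```python
import hashlib
import hmac
import json
import os
from pathlib import Path

# Constructed demo key (assumption for this example). A real HIDS must keep the
# verification key outside the reach of the monitored host.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def hash_file(path: Path) -> str:
    """SHA-256 of the file contents, streamed so large files are not read at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> dict:
    """Walk root and record digest, size and permission bits of every regular file.
    Symlinks are skipped so a planted link cannot make the checker read elsewhere."""
    entries = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            st = p.stat()
            rel = str(p.relative_to(root))
            entries[rel] = {
                "sha256": hash_file(p),
                "size": st.st_size,
                "mode": st.st_mode & 0o7777,
            }
    return entries


def seal_baseline(entries: dict, key: bytes) -> dict:
    """Serialize the baseline deterministically and attach an HMAC-SHA256 tag.
    Without the key an attacker cannot forge a baseline that matches tampered files."""
    payload = json.dumps(entries, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "hmac": tag}


def open_baseline(sealed: dict, key: bytes) -> dict:
    """Verify the HMAC before trusting the baseline; constant-time comparison."""
    payload = sealed["payload"]
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sealed["hmac"]):
        raise ValueError("baseline HMAC mismatch: the baseline itself was tampered with")
    return json.loads(payload)


def check_integrity(root: str, sealed: dict, key: bytes) -> dict:
    """Compare the current file system state under root against the sealed baseline."""
    baseline = open_baseline(sealed, key)
    current = build_baseline(root)
    modified = sorted(
        rel for rel in baseline if rel in current and current[rel] != baseline[rel]
    )
    return {
        "modified": modified,
        "added": sorted(set(current) - set(baseline)),
        "deleted": sorted(set(baseline) - set(current)),
    }


if __name__ == "__main__":
    # Usage: seal a baseline once, then re-check periodically.
    sealed = seal_baseline(build_baseline("."), DEMO_KEY)
    print(check_integrity(".", sealed, DEMO_KEY))
```

Recording mode bits alongside the digest catches permission changes (such as a newly set-uid binary) that a content hash alone would miss; the HMAC over the serialized baseline is the minimal measure that turns a plain manifest into something an intruder with write access cannot silently rewrite.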
