Vulnerable code is typically patched only after an incident has occurred, and recovering a system from the damage done by an intrusion takes considerable time and effort. It is therefore necessary to detect and block intrusions by increasing the durability of systems. This paper proposes a robust method for preventing intrusions on Linux systems with a self-monitoring intrusion system instead of relying on system administrators. The method, IDIP, monitors every newly scheduled process and checks the possibility of intrusion using the IP information of the process. It can be implemented in the kernel or as a user-space process. The proposed method is implemented and tested on Linux, where it monitors root-privileged processes and raises the level of system security. To test the proposed method, exploit codes are used to attack vulnerable programs. Although the proposed method is implemented on Linux, it is applicable to other operating systems.