NITRSCT: A Software Security tool for collection and analysis of Kernel Calls

Software security is the practice of developing software so that it continues to function correctly under malicious attack. In this paper we design and develop an automation tool named NITRSCT (NITR System Call Tracer), which uses a Microsoft package to listen to the system calls generated by processes or threads during a context switch. It allows any version of the Windows operating system to serve as a system call tracer. The tool runs as a Windows service that can be installed and controlled through the Windows Service Manager. The service stores the sequence of system calls as a trace file and as a text file, and also in an SQL database for greater verbosity. This sequence represents the normal behaviour of the software. A well-defined log file with several levels of verbosity, together with the Event Manager, keeps the user informed about errors that may have occurred while running the service on their system. The resulting dataset can therefore help improve the true positive rates achieved by anomaly detection systems.
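As an added illustration of how a collected trace of this kind is turned into a "normal behaviour" model and used to score new activity (example code, not NITRSCT's own; the `<pid> <tid> <syscall>` text format and the sample records are constructed stand-ins, since the abstract does not specify the tool's file layout):

```python
# Added example (not NITRSCT's own code): profile "normal" syscall windows from a trace
# and score another trace against them. Trace format is a constructed stand-in.
from collections import defaultdict

# Constructed traces: one "<pid> <tid> <syscall>" record per line.
NORMAL_TRACE = """\
1200 1 NtOpenFile
1200 1 NtReadFile
1200 1 NtReadFile
1200 1 NtClose
1200 1 NtOpenFile
1200 1 NtReadFile
1200 1 NtClose
"""
TEST_TRACE = """\
1300 1 NtOpenFile
1300 1 NtReadFile
1300 1 NtClose
1300 1 NtOpenFile
1300 1 NtReadFile
1300 1 NtWriteFile
1300 1 NtCreateProcess
"""

def parse_trace(text):
    """Group syscall names into one ordered sequence per (pid, tid)."""
    seqs = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip a malformed record instead of discarding the whole trace
        pid, tid, call = parts
        seqs[(int(pid), int(tid))].append(call)
    return dict(seqs)

def build_profile(seqs, n=3):
    """Set of every length-n window of consecutive calls seen in the normal traces."""
    return {tuple(s[i:i + n]) for s in seqs.values() for i in range(len(s) - n + 1)}

def score(seqs, profile, n=3):
    """Fraction of length-n windows in seqs absent from profile (0.0 = fully normal)."""
    total = mismatches = 0
    for seq in seqs.values():
        for i in range(len(seq) - n + 1):
            total += 1
            mismatches += tuple(seq[i:i + n]) not in profile
    return mismatches / total if total else 0.0
```

Windows are built per thread so that interleaving between threads during a context switch does not create spurious mismatches.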
