An Intrusion Detection Method by Tracing Root Privileged Processes


The KIPS Transactions:PartC, Vol. 15, No. 4, pp. 239-244, Aug. 2008
DOI: 10.3745/KIPSTC.2008.15.4.239

Abstract

Patching vulnerable code after an incident occurs is not enough to reduce damage to computer systems. Systems need to be made durable enough to detect and block intrusions even when they contain vulnerable code. This paper proposes a robust real-time intrusion detection method for Linux systems that monitors root-privileged processes in place of system administrators. The method saves users' IP addresses in the process table and monitors the IP address of every root-privileged process. The proposed method is verified to protect vulnerable programs against buffer overflow by using the KON program. A configuration protocol is also proposed to manage systems remotely, and host IP addresses are protected safely from intrusions through this protocol.



Cite this article
[IEEE Style]
J. S. Park and B. C. Ahn, "An Intrusion Detection Method by Tracing Root Privileged Processes," The KIPS Transactions:PartC, vol. 15, no. 4, pp. 239-244, 2008. DOI: 10.3745/KIPSTC.2008.15.4.239.

[ACM Style]
Jang Su Park and Byoung Chul Ahn. 2008. An Intrusion Detection Method by Tracing Root Privileged Processes. The KIPS Transactions:PartC, 15, 4, (2008), 239-244. DOI: 10.3745/KIPSTC.2008.15.4.239.