Journal: International Journal of Electronics Communication and Computer Engineering
Print ISSN: 2249-071X
Electronic ISSN: 2278-4209
Year of publication: 2014
Volume: 5
Issue: 2
Pages: 277-278
Publisher: IJECCE
Abstract: Operating system intrusion detection systems (OS IDS) are frequently insufficient to catch internal intruders who neither deviate significantly from expected behavior nor perform a sequence of specific intrusive actions. We hypothesize that application intrusion detection systems (AppIDS) can use application semantics to detect more subtle attacks, such as those carried out by internal intruders who possess legitimate access to the system and act within the bounds of normal behavior, but who are in fact abusing the system. To test this hypothesis, we developed two extensive case studies from which we were able to discern similarities and differences between an OS IDS and an AppIDS. In particular, an AppIDS can observe the monitored system at a higher resolution of observable entities than an OS IDS, which allows tighter thresholds to be set for the AppIDS relations that separate normal from anomalous behavior, thereby improving the overall effectiveness of the IDS.
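The abstract's central claim is that an AppIDS sees finer-grained entities (users, application actions, application objects) than an OS IDS (processes, file reads), so it can evaluate relations that the OS cannot express and set tighter thresholds on them. The following is an added illustration of that contrast, not code from the paper or its case studies: the events, the two clerks, the "caseload" relation and every threshold are constructed for this example. The OS-level detector can only count reads per process and minute; the application-level detector checks whether a user views records outside the set assigned to them.

```python
"""Added example (not from the paper): an OS-level view versus an
application-semantic view of the same insider activity. Events, users,
the CASELOAD relation and all thresholds are constructed for illustration."""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    minute: int   # constructed time bucket
    user: str     # application user that issued the request
    pid: int      # OS process serving that user's session (constructed mapping)
    action: str   # application-level verb, e.g. "view_record"
    record: str   # application object touched, e.g. a patient record id


# Constructed sample: clerk_a works within their caseload; clerk_b reads
# records outside it at exactly the same pace, so read volume looks ordinary.
EVENTS = [
    *[Event(1, "clerk_a", 4001, "view_record", f"P{n}") for n in range(100, 104)],
    *[Event(2, "clerk_a", 4001, "view_record", f"P{n}") for n in range(104, 108)],
    *[Event(1, "clerk_b", 4002, "view_record", f"P{n}") for n in range(200, 204)],
    *[Event(2, "clerk_b", 4002, "view_record", f"P{n}") for n in range(300, 304)],
]

# Application relation only the AppIDS can evaluate: which records each
# clerk is assigned to (constructed). The OS has no notion of this.
CASELOAD = {
    "clerk_a": {f"P{n}" for n in range(100, 120)},
    "clerk_b": {f"P{n}" for n in range(200, 220)},
}


def os_ids_alerts(events, reads_per_minute_threshold=50):
    """OS-level view: only (pid, minute) -> number of file reads is observable.
    The threshold must stay loose enough for every legitimate workload, so a
    value that catches clerk_b also flags clerk_a (see the test below).
    Returns sorted (pid, minute, reads) tuples that exceed the threshold."""
    per_pid_minute = Counter((e.pid, e.minute) for e in events)
    return sorted(
        (pid, minute, reads)
        for (pid, minute), reads in per_pid_minute.items()
        if reads > reads_per_minute_threshold
    )


def app_ids_alerts(events, caseload, off_caseload_threshold=1):
    """Application-level view: (user, action, record) is observable, so the
    relation 'a clerk views only records in their caseload' can be checked
    with a threshold far tighter than any OS-level read-volume threshold.
    Returns sorted (user, [off-caseload records]) pairs meeting the threshold."""
    off_caseload = defaultdict(set)
    for e in events:
        if e.action == "view_record" and e.record not in caseload.get(e.user, set()):
            off_caseload[e.user].add(e.record)
    return sorted(
        (user, sorted(records))
        for user, records in off_caseload.items()
        if len(records) >= off_caseload_threshold
    )


if __name__ == "__main__":
    print("OS IDS (threshold 50):", os_ids_alerts(EVENTS))
    print("OS IDS (threshold 3): ", os_ids_alerts(EVENTS, 3))
    print("AppIDS:               ", app_ids_alerts(EVENTS, CASELOAD))
```

With the default OS threshold nothing is flagged; lowering it far enough to catch clerk_b flags clerk_a's identical read pattern as well, because at the process level the two sessions are indistinguishable. The AppIDS relation flags only clerk_b, which is the higher-resolution, tighter-threshold effect the abstract describes.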