New IDS project spots anomalous system behavior
Posted on 10 April 2014.
A team of researchers from Binghamton University has been working on a new intrusion detection approach based on monitoring the behavior of systems and spotting when it differs from the behavior that is considered normal.

The project, titled “Intrusion Detection Systems: Object Access Graphs” and funded by the Air Force Office of Scientific Research, is conducted by doctoral students Patricia Moat and Zachary Birnbaum and research scientist Andrey Dolgikh, mentored by Victor Skormin, professor of electrical and computer engineering.

They have chosen not to concentrate on detecting malware itself, since it can change faster than new signatures for it can be created, but on the behavior of the systems it runs on.

“What we do is take a picture of what your computer is doing, and then we compare a picture of your computer behaving normally to one of an infected computer. Then, we just look at the differences,” Birnbaum said. “From that, we can see if your computer has an infection, what type of infection, and from there you know you’re under attack and you can take action.”

These pictures are taken by monitoring system calls that go hand in hand with every computer operation performed.

“System calls accumulated under normal network operation are converted to graph components, and used as part of the IDS normalcy profile,” they explained.

They have developed algorithms to build a system normalcy profile, to find anomalous deviations from it, and to recognize previously detected attacks, as well as a real-time visualization system to present the results.

“Our IDS has the ability to instantly adopt changes in the normalcy definition,” they pointed out. “Our results demonstrate that achieving efficient anomaly detection is possible through the intelligent application of graph processing algorithms to system behavioral profiling.”
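To make the idea concrete, here is a small added illustration of behavioral profiling over system-call graphs. It is example code written for this article, not the Binghamton team's software, and it simplifies their "object access graphs" to a transition graph whose edges are consecutive pairs of system calls; the traces, the process names and the attack label are constructed sample data. The profile learned from baseline traces is the set of observed edges, a trace's anomaly score is the share of its edges absent from that profile, a previously flagged anomaly can be stored as a signature and re-recognized, and the profile can be updated in place when the normalcy definition changes.

```python
from collections import Counter

# Constructed baseline traces (not data from the project): each is the ordered
# list of system calls observed for one process under normal operation.
BASELINE_TRACES = [
    ["open", "read", "read", "close"],
    ["open", "read", "write", "close"],
    ["socket", "connect", "send", "recv", "close"],
    ["open", "mmap", "read", "close"],
]

# Constructed trace of a process that writes a file, executes it and then
# opens a network connection: a pattern the baseline never showed.
SUSPECT_TRACE = ["open", "write", "close", "execve", "socket", "connect", "send"]


def trace_to_edges(trace):
    """Convert one syscall trace into the set of (call, next_call) transitions,
    i.e. the edges of a directed behavior graph for that process."""
    return {(a, b) for a, b in zip(trace, trace[1:])}


class NormalcyProfile:
    """Graph-based normalcy profile: the union of all transition edges seen
    during a training period, plus signatures of attacks seen before."""

    def __init__(self):
        self.edge_counts = Counter()   # how often each normal edge was seen
        self.known_attacks = {}        # attack name -> frozenset of anomalous edges

    def learn(self, trace):
        """Fold a trace into the profile (also used to adopt a change in
        the normalcy definition, e.g. after an approved software update)."""
        for edge in trace_to_edges(trace):
            self.edge_counts[edge] += 1

    def anomalous_edges(self, trace):
        """Edges of the trace's graph that the profile has never seen."""
        return {e for e in trace_to_edges(trace) if e not in self.edge_counts}

    def score(self, trace):
        """Anomaly score in [0, 1]: fraction of the trace's edges that are novel."""
        edges = trace_to_edges(trace)
        if not edges:
            return 0.0
        return len(self.anomalous_edges(trace)) / len(edges)

    def register_attack(self, name, trace):
        """Store the anomalous subgraph of a confirmed attack so that a later
        occurrence can be recognized rather than just flagged as 'different'."""
        self.known_attacks[name] = frozenset(self.anomalous_edges(trace))

    def match_attack(self, trace):
        """Return (name, overlap) of the stored attack whose anomalous edges best
        cover the anomalies in this trace, or (None, 0.0) if none match."""
        anomalies = self.anomalous_edges(trace)
        best_name, best_overlap = None, 0.0
        for name, signature in self.known_attacks.items():
            if not signature:
                continue
            overlap = len(signature & anomalies) / len(signature)
            if overlap > best_overlap:
                best_name, best_overlap = name, overlap
        return best_name, best_overlap


def build_profile(traces=BASELINE_TRACES):
    """Train a profile from a list of baseline traces."""
    profile = NormalcyProfile()
    for trace in traces:
        profile.learn(trace)
    return profile


if __name__ == "__main__":
    profile = build_profile()
    print("baseline score:", profile.score(BASELINE_TRACES[0]))
    print("suspect score:", profile.score(SUSPECT_TRACE))
    print("novel edges:", sorted(profile.anomalous_edges(SUSPECT_TRACE)))
    profile.register_attack("dropper-like", SUSPECT_TRACE)
    print("recognized as:", profile.match_attack(SUSPECT_TRACE))
```

The score is deliberately crude: in practice the profile would carry edge frequencies, object identities (which file or socket was touched) and a threshold tuned against a validation period, and new edges introduced by legitimate software changes would be folded in with `learn` rather than raising alerts indefinitely.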

More details about the project can be found here.

Copyright 1998-2014 by Help Net Security.