Mimicry Attacks on Host-Based Intrusion Detection Systems

  • Wagner D
  • Soto P
  • 164


    Mendeley users who have this article in their library.
  • 348


    Citations of this article.


We examine several host-based anomaly detection systems and study their security against evasion attacks. First, we introduce the notion of a mimicry attack, which allows a sophisticated attacker to cloak their intrusion to avoid detection by the IDS. Then, we develop a theoretical framework for evaluating the security of an IDS against mimicry attacks. We show how to break the security of one published IDS with these methods, and we experimentally confirm the power of mimicry attacks by giving a worked example of an attack on a concrete IDS implementation. We conclude with a call for further research on intrusion detection from both attacker's and defender's viewpoints.

Author-supplied keywords

  • anomaly detection
  • evasion attacks
  • host-based intrusion detection

Get free article suggestions today

Mendeley saves you time finding and organizing research

Sign up here
Already have an account ?Sign in

Find this document


  • David Wagner

  • Paolo Soto

Cite this document

Choose a citation style from the tabs below

Save time finding and organizing research with Mendeley

Sign up for free