Mimicry attacks on host-based intrusion detection systems

Abstract

We examine several host-based anomaly detection systems and study their security against evasion attacks. First, we introduce the notion of a mimicry attack, which allows a sophisticated attacker to cloak their intrusion to avoid detection by the IDS. Then, we develop a theoretical framework for evaluating the security of an IDS against mimicry attacks. We show how to break the security of one published IDS with these methods, and we experimentally confirm the power of mimicry attacks by giving a worked example of an attack on a concrete IDS implementation. We conclude with a call for further research on intrusion detection from both attacker's and defender's viewpoints.

Cite

Wagner, D., & Soto, P. (2002). Mimicry attacks on host-based intrusion detection systems. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 255–264). Association for Computing Machinery (ACM). https://doi.org/10.1145/586110.586145
