We examine several host-based anomaly detection systems and study their security against evasion attacks. First, we introduce the notion of a mimicry attack, which allows a sophisticated attacker to cloak their intrusion to avoid detection by the IDS. Then, we develop a theoretical framework for evaluating the security of an IDS against mimicry attacks. We show how to break the security of one published IDS with these methods, and we experimentally confirm the power of mimicry attacks by giving a worked example of an attack on a concrete IDS implementation. We conclude with a call for further research on intrusion detection from both attacker's and defender's viewpoints.
CITATION STYLE
Wagner, D., & Soto, P. (2002). Mimicry attacks on host-based intrusion detection systems. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 255–264). Association for Computing Machinery (ACM). https://doi.org/10.1145/586110.586145
Mendeley helps you to discover research relevant for your work.