Developing a high-accuracy cross platform Host-Based Intrusion Detection System capable of reliably detecting zero-day attacks

Access & Terms of Use
open access
Copyright: Creech, Gideon
Abstract
Current anomaly-based host-based intrusion detection systems are limited in accuracy: any increase in detection rate brings a corresponding increase in false alarm rate. Furthermore, present technology is largely limited in scope to the Linux operating system, leaving the widely deployed Windows family of operating systems to rely on signature-based protection schemes. This thesis investigates a new approach to host-based intrusion detection system design with the specific aims of improving performance beyond that of existing technology and developing a cross-platform approach to intrusion detection. The research makes three original and significant contributions to the field and represents a marked advance in the body of knowledge. The first major contribution is a new semantic approach to system call data processing, allowing the creation of host-based intrusion detection systems for the Linux operating system which perform significantly better than existing approaches. Performance was evaluated against existing datasets and also against a new, modern dataset designed as part of this research. The second key contribution is a new theory which allows the deployment of traditional system-call-centric Linux anomaly-based intrusion detection systems on the Windows operating system for the first time, meaning that protection against zero-day attacks is now possible on that operating system. These results were tested using a second new dataset designed as part of this research. The final key contribution of this thesis is a new attack methodology which is able to bypass traditional Windows signature-based defences without any obfuscation. The disclosure of this new attack technique is an important contribution in and of itself, as it allows the community of researchers worldwide to address this important weakness in current approaches.
Notwithstanding this threat, host-based intrusion detection systems which use the first two new theories outlined in this thesis are shown to detect this new attack class with a high degree of accuracy, allowing effective protection and significantly mitigating the threat.
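As an added illustration of the baseline the abstract argues against (example code written for this page, not the thesis's semantic method and not the author's code): a minimal sequence-window anomaly detector over system call traces, in the style of the classic Linux HIDS that learn a database of fixed-length call windows from normal behaviour and flag traces containing windows never seen in training. All traces, the window length `K = 3` and the alarm thresholds are constructed for this example. Sweeping the threshold over the labelled test traces reproduces the coupling the abstract opens with: the only way to catch the attack that hides behind a normal-looking prefix is to lower the threshold until an unseen but benign variant is flagged too.

```python
"""
Sliding-window system-call anomaly detector (stide-style baseline).

Added example only: not the thesis's semantic approach, and every trace
below is constructed by hand rather than captured from a real host.
"""
from typing import Dict, List, Sequence, Set, Tuple

SysCall = str
Trace = Sequence[SysCall]
KGram = Tuple[SysCall, ...]

K = 3  # window length; an assumption for this example, tuned per deployment

# Constructed "normal" traces of a file-copy-like process, used as training data.
NORMAL_TRACES: List[List[SysCall]] = [
    ["open", "fstat", "mmap", "read", "write", "close"],
    ["open", "fstat", "mmap", "read", "read", "write", "close"],
    ["open", "fstat", "read", "write", "close"],
    ["open", "fstat", "mmap", "read", "write", "write", "close"],
    ["open", "fstat", "mmap", "read", "write", "close", "munmap"],
]

# Constructed labelled test set: three normal traces (the third is a benign
# variant never seen in training) and three attacks, the last of which only
# deviates from normal behaviour in its final call.
TEST_TRACES: List[Tuple[List[SysCall], str]] = [
    (["open", "fstat", "mmap", "read", "read", "write", "close"], "normal"),
    (["open", "fstat", "mmap", "read", "write", "write", "close", "munmap"], "normal"),
    (["open", "fstat", "read", "read", "write", "close"], "normal"),
    (["open", "fstat", "mmap", "mprotect", "execve"], "attack"),
    (["open", "fstat", "mmap", "read", "write", "socket", "connect", "write", "close"], "attack"),
    (["open", "fstat", "mmap", "read", "write", "close", "execve"], "attack"),
]


def kgrams(trace: Trace, k: int) -> List[KGram]:
    """All length-k windows of a trace, in order; empty if the trace is shorter than k."""
    return [tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)]


def build_normal_db(traces: Sequence[Trace], k: int) -> Set[KGram]:
    """Training: the set of every window observed in known-normal traces."""
    db: Set[KGram] = set()
    for t in traces:
        db.update(kgrams(t, k))
    return db


def anomaly_score(db: Set[KGram], trace: Trace, k: int) -> float:
    """Fraction of windows in `trace` that never occurred in training (0.0 .. 1.0).

    A trace shorter than k has no windows and scores 0.0: the detector can say
    nothing about it, which is a blind spot a deployer should know about.
    """
    grams = kgrams(trace, k)
    if not grams:
        return 0.0
    mismatches = sum(1 for g in grams if g not in db)
    return mismatches / len(grams)


def is_alarm(db: Set[KGram], trace: Trace, k: int, threshold: float) -> bool:
    """Raise an alarm when the mismatch fraction reaches the threshold."""
    return anomaly_score(db, trace, k) >= threshold


def evaluate(db: Set[KGram], labelled: Sequence[Tuple[Trace, str]],
             k: int, threshold: float) -> Tuple[float, float]:
    """(detection rate over attack traces, false alarm rate over normal traces)."""
    attacks = [t for t, label in labelled if label == "attack"]
    normals = [t for t, label in labelled if label == "normal"]
    if not attacks or not normals:
        raise ValueError("test set needs both attack and normal traces")
    detection_rate = sum(is_alarm(db, t, k, threshold) for t in attacks) / len(attacks)
    false_alarm_rate = sum(is_alarm(db, t, k, threshold) for t in normals) / len(normals)
    return detection_rate, false_alarm_rate


def threshold_sweep(db: Set[KGram], labelled: Sequence[Tuple[Trace, str]],
                    k: int, thresholds: Sequence[float]) -> Dict[float, Tuple[float, float]]:
    """Detection/false-alarm pairs for each threshold: the operating curve."""
    return {th: evaluate(db, labelled, k, th) for th in thresholds}


if __name__ == "__main__":
    db = build_normal_db(NORMAL_TRACES, K)
    for trace, label in TEST_TRACES:
        print(f"{label:6s} score={anomaly_score(db, trace, K):.2f}  {' '.join(trace)}")
    for th, (dr, far) in threshold_sweep(db, TEST_TRACES, K, [0.5, 0.3, 0.2]).items():
        print(f"threshold {th:.2f}: detection rate {dr:.2f}, false alarm rate {far:.2f}")
```

At thresholds 0.5 and 0.3 the detector catches two of the three attacks with no false alarms; the attack whose only deviation is a trailing `execve` scores 0.20 and is missed. Lowering the threshold to 0.20 catches it, but the benign `fstat read read` variant (score 0.25) is now flagged as well, so the false alarm rate rises with the detection rate.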
Author(s)
Creech, Gideon
Supervisor(s)
Hu, Jiankun
Brown, Lawrie
Publication Year
2014
Resource Type
Thesis
Degree Type
PhD Doctorate
UNSW Faculty
Files
public version.pdf (3.05 MB, PDF)