Evaluation of two host-based intrusion prevention systems
05Jun_Labbe.pdf (171.0Kb)Abstract
Host-based intrusion-prevention systems are recently popular technologies which protect computer systems from malicious attacks. Instead of merely detecting exploits, the systems attempt to prevent the exploits from succeeding on the host they protect. This research explores the threats that have led to the development of these systems and the techniques many use to counter those problems. We then evaluate two current intrusion-prevention products (McAfee Entercept and the Cisco Security Agent) as to their success in preventing exploits. Our tests used live viruses, worms, Trojan horses, and remote exploits which were turned loose on an isolated two-computer network. We make recommendations about deployment of the two products based on the results of our own testing.
Collections
Related items
Showing items related by title, author, creator and subject.
-
Assignment scheduling capability for unmanned aerial vehicles - a discrete event simulation with optimization in the loop approach to solving a scheduling problem
(2006);Many military planning problems are difficult to solve using pure mathematical programming techniques. One such problem is scheduling unmanned aerial vehicles (UAVs) in military operations subject to dynamic movement ... -
A Methodology for Evaluation of Host-Based Intrusion Prevention Systems and Its Application
(Monterey, California. Naval Postgraduate School, 2006-06);Host-based intrusion-prevention systems are currently popular technologies which try to prevent exploits from succeeding on a host. They are like host-based intrusion-detection systems [1] but include means to automatically ... -
Illumination Waveform Design for Non-Gaussian Multi-Hypothesis Target Classification in Cognitive Radar
(Monterey, California. Naval Postgraduate School, 2012-06);A cognitive radar (CR) system is one that observes and learns from the environment, then uses a dynamic closed-loop feedback mechanism to adapt the illumination waveform so as to provide system performance improvements ...
