A Methodology for Evaluation of Host-Based Intrusion Prevention Systems and Its Application
Abstract
Host-based intrusion-prevention systems are currently popular technologies which try to prevent exploits from succeeding on a
host. They are like host-based intrusion-detection systems [1] but include means to automatically take actions once malicious
activities or code are discovered. This can include terminating connections, services, or ports; refusing commands; blocking packets
from specific Internet addresses; initiating tracing of packets; and sending modified packets back to a user. Automated responses to
exploits can be quick without human intervention. Around ten commercial vendors are currently offering intrusion-prevention
products [2], and Snort-Inline [3] is a popular open-source tool. Total intrusion prevention is a difficult goal to achieve, since it takes
time to recognize an exploit and by then the damage may be done. So it is important to have a way to test the often-broad claims of
intrusion-prevention products.
Description
This paper appeared in the Proceedings of the 7th IEEE Workshop on Information Assurance, West Point, NY, June 21-23, 2006.