Abstract

From a system security point of view, system calls are a vulnerable point because they operate in kernel space. Hence, monitoring the system call patterns performed by an application has been extensively studied for the development of Intrusion Detection Systems (IDS), which have to respond immediately to abnormal behaviour. However, such IDSs have limitations in detecting new types of attacks. Policy-driven IDSs can detect novel attacks based on policies written for system activities. In this paper we propose a hybrid IDS architecture that combines the features of both policy-driven IDS and system call based IDS, and the idea is tested experimentally for sandboxing Linux 2.6.
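As an added illustration of the hybrid idea (not code from the paper), the Python sketch below pairs a sequence-based system call profile (n-grams learned from normal runs, which flag unseen patterns) with explicit policy rules over syscall arguments; the window length, traces and policy are constructed assumptions for the example.

```python
# Added example: hybrid system-call IDS check. Traces and policy are constructed.
N = 3  # n-gram window over consecutive syscall names (assumed value)


def build_profile(training_traces, n=N):
    """Collect every n-gram of consecutive syscall names seen in normal runs."""
    profile = set()
    for trace in training_traces:
        for i in range(len(trace) - n + 1):
            profile.add(tuple(trace[i:i + n]))
    return profile


def sequence_alerts(trace, profile, n=N):
    """Return the n-grams in trace that never occurred during training."""
    grams = [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]
    return [g for g in grams if g not in profile]


def policy_alerts(events, policy):
    """Check each (syscall, argument) event against a deny policy.
    policy maps a syscall name to a predicate that is True when the
    argument violates the sandbox policy."""
    return [ev for ev in events if ev[0] in policy and policy[ev[0]](ev[1])]


def hybrid_check(events, profile, policy, n=N):
    """Combine both detectors: a hit from either one raises an alert."""
    trace = [name for name, _ in events]
    seq = sequence_alerts(trace, profile, n)
    pol = policy_alerts(events, policy)
    return {"sequence": seq, "policy": pol, "alert": bool(seq or pol)}


# Constructed sample data: normal runs of a program that reads its own config.
TRAINING = [
    ["open", "read", "read", "close", "write", "exit_group"],
    ["open", "read", "close", "write", "write", "exit_group"],
]
# Sandbox policy: only files under /home/app/ may be opened; execve is denied.
POLICY = {
    "open": lambda path: not str(path).startswith("/home/app/"),
    "execve": lambda path: True,
}
NORMAL = [("open", "/home/app/config"), ("read", None), ("close", None),
          ("write", None), ("exit_group", None)]
SUSPICIOUS = [("open", "/etc/passwd"), ("read", None),
              ("execve", "/bin/sh"), ("exit_group", None)]

if __name__ == "__main__":
    profile = build_profile(TRAINING)
    print(hybrid_check(NORMAL, profile, POLICY))
    print(hybrid_check(SUSPICIOUS, profile, POLICY))
```

The sequence detector alone would also flag a benign but never-seen ordering, which is the false-positive side the policy rules do not share; the policy rules alone miss attacks that use only permitted calls in an abnormal order.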
