The first step in our research was to identify the IDSs which we will be analyzing; the first of these is Systrace. Our first goal, to be accomplished by the end of the week, was to install Systrace and have it running properly. In addition, we hoped to gain a thorough understanding of its mechanisms and actions. The first portion of the week consisted of downloading the necessary software to get Systrace running; the second portion was dedicated to understanding how it works and acquiring the knowledge needed to use the tool efficiently.
A summary report of the research material which I have read is provided here.
Below is a list of the papers and articles read; an asterisk (*) marks the most important ones.
1. Niels Provos, "Improving Host Security with System Call Policies" (*)
2. H. Gunes Kayacik, A. Nur Zincir-Heywood, Malcolm I. Heywood, "Automatically Evading IDS Using GP Authored Attacks" (*)
3. Brandon Palmer, Jose Nazario, "Secure Architectures with OpenBSD, Chapter 29: systrace in OpenBSD" (*)
4. OpenBSD Reference Manual: Systrace Manual (*)
5. H. Gunes Kayacik, A. Nur Zincir-Heywood, Malcolm I. Heywood, "Evolving Buffer Overflow Attacks with Detector Feedback"
6. H. Gunes Kayacik, A. Nur Zincir-Heywood, "Mimicry Attacks Demystified: What Can Attackers Do To Evade Detection?"
7. Niels Provos, "Systrace - Interactive Policy Generation for System Calls"
Remaining tasks: experiment with Systrace, create policies, and pair Systrace with the vulnerability analysis tools.
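As an added illustration of what "create policies" involves (this is a constructed example written for this page, not a policy taken from the report or from any of the papers above), here is a Systrace policy for /bin/ls in the format described in the systrace(1) manual: a header naming the binary and emulation, then one rule per line giving the system call, an optional predicate on its arguments, and an action (permit, deny with an errno, or ask). The library and loader pathnames are assumptions for a typical OpenBSD install and will differ on other systems.

```text
Policy: /bin/ls, Emulation: native
	native-__sysctl: permit
	native-fsread: filename eq "/var/run/ld.so.hints" then permit
	native-fsread: filename eq "/usr/libexec/ld.so" then permit
	native-fsread: filename match "/usr/lib/*" then permit
	native-mmap: permit
	native-munmap: permit
	native-mprotect: permit
	native-close: permit
	native-fstat: permit
	native-fcntl: permit
	native-read: permit
	native-write: permit
	native-exit: permit
	native-fsread: filename eq "/tmp" then permit
	native-fsread: filename match "/home/*" then deny[eacces]
	native-fswrite: deny[eperm]
	native-socket: deny[eperm]
	native-connect: deny[eperm]
```

The rules are checked in order and the first match decides; a call with no matching rule falls through to the enforcement mode the tool was started in, which is where the practical safety check lies. Generating a first draft with `systrace -A /bin/ls /tmp` records everything the program did as permit rules, so the draft must be tightened by hand (here: reads outside /tmp and /usr/lib are denied, and all writes and network calls are refused with an errno rather than silently allowed) before it is trusted. Running the tightened policy with `systrace -a /bin/ls /tmp` enforces it non-interactively, denying anything not covered, which is the mode to use when pairing Systrace with the vulnerability analysis tools so that an unexpected call from an exploited process is refused rather than prompted for. Systrace looks for the policy under ~/.systrace/ in a file named after the binary's path with the slashes replaced by underscores (bin_ls for /bin/ls).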
This research is sponsored by NSERC and the Canadian Distributed Mentorship Project.