Research Article
Enhancing Host Security Using External Environment Sensors
@INPROCEEDINGS{10.1007/978-3-642-16161-2_21,
  author={Ee-Chien Chang and Liming Lu and Yongzheng Wu and Roland Yap and Jie Yu},
  title={Enhancing Host Security Using External Environment Sensors},
  proceedings={Security and Privacy in Communication Networks. 6th International ICST Conference, SecureComm 2010, Singapore, September 7-9, 2010. Proceedings},
  proceedings_a={SECURECOMM},
  year={2012},
  month={5},
  keywords={intrusion detection spam sensors access control host security},
  doi={10.1007/978-3-642-16161-2_21}
}
- Ee-Chien Chang
- Liming Lu
- Yongzheng Wu
- Roland Yap
- Jie Yu
Year: 2012
SECURECOMM
Springer
DOI: 10.1007/978-3-642-16161-2_21
Abstract
We propose a framework that uses environment information to enhance computer security. We apply our framework to enhance IDS performance and to enrich the expressiveness of access/rate controls. The environment information is gathered by external (w.r.t. the host) sensors and transmitted via an out-of-band channel, and thus it is hard for adversaries without physical access to compromise the system. The information gathered remains intact even if malware uses rootkit techniques to hide its activities. Due to requirements on user privacy, the information gathered could be coarse and simple. We show in several experimental evaluations that such simple information is already useful. For instance, a binary indication of user presence at a workstation can help to detect DDoS zombie attacks and illegal email spam. Our framework takes advantage of the growing popularity of multimodal sensors and physical security information management systems. Trends in sensor costs suggest that it will be cost-effective in the near future.