Jacob Zimmermann, Ludovic Me, Christophe Bidan
In [*], we proposed a model for policy-based intrusion detection based on information flow control. In the present paper, we show the applicability and effectiveness of this model on a standard OS. To that end, we conduct experiments both in a completely controlled environment and on an operational server under traffic. The presented results demonstrate that the model fulfills its goals and works successfully as a runtime policy-based intrusion detector.
Keywords: intrusion detection, policy-based, novel attack detection