An Edge IDS Based on Biological Immune Principles for Dynamic Threat Detection
Table 6. Detection ways for the intrusion behaviors.

| Testing item | Operation step | Anticipation result |
|---|---|---|
| Changing password | (1) Obtain root authorization. (2) Change the password file: vi /etc/password. (3) Add a backdoor user with the following line: newuser:X: 00::/home/newuser:/bin/bash | The number of antigens detected. Computing , FP, and TP |
| Setting script SUID bit | (1) Obtain root authorization. (2) Set the SUID bit: chmod –perm–4000 /bin/tcsh. (3) Change the file owner to root: chown root tcsh | |
| Changing the important file self-defined by the user | (1) Obtain root authorization. (2) Change the important file self-defined by the user | |
| Changing the host computer's log file | (1) Obtain root authorization. (2) Log in with a new user name and modify the host computer's log file | |
| Probing attack/ipsweep/portsweep | (1) Extract the training set. (2) Generate the detectors using GIDA. (3) Detect the test set | |
| DoS attack/back/Neptune | (1) Extract the training set. (2) Generate the detectors using GIDA. (3) Detect the test set | |
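The last two rows describe the evaluation loop the table reports on: build detectors from a training (self) set, run them over a test set, and count the antigens detected as TP and FP. The block below is an added illustration of that loop and is not the paper's GIDA or any code from the paper: detectors are produced by plain negative selection over all 8-bit strings with r-contiguous-bit matching, the bit encoding of audit records, the length L and the threshold R are assumed parameters, and every self and test record is constructed for the example.

```python
"""Toy immune-style detector generation and evaluation (added example, not the
paper's GIDA). Records are 8-bit strings; a detector "binds" an antigen when
they agree on R consecutive bits (assumed encoding and matching rule)."""
from itertools import product

L = 8  # bits per encoded audit record (assumed encoding)
R = 4  # r-contiguous-bit matching threshold (assumed parameter)


def r_contiguous_match(a: str, b: str, r: int = R) -> bool:
    """True when a and b agree on at least r consecutive positions."""
    run = 0
    for x, y in zip(a, b):
        run = run + 1 if x == y else 0
        if run >= r:
            return True
    return False


def generate_detectors(self_set):
    """Negative selection: a candidate survives only if it binds no self record.
    The candidate space (2**L strings) is enumerated exhaustively so the result
    is deterministic; a real system would sample or evolve candidates instead."""
    detectors = []
    for bits in product("01", repeat=L):
        cand = "".join(bits)
        if not any(r_contiguous_match(cand, s) for s in self_set):
            detectors.append(cand)
    return detectors


def is_flagged(detectors, antigen: str) -> bool:
    """An antigen is reported as an intrusion when any detector binds to it."""
    return any(r_contiguous_match(d, antigen) for d in detectors)


def evaluate(detectors, test_set):
    """test_set: (record, is_intrusion) pairs. Returns confusion counts and the
    detection rate TP/(TP+FN) and false-positive rate FP/(FP+TN)."""
    counts = {"TP": 0, "FP": 0, "FN": 0, "TN": 0}
    for record, is_intrusion in test_set:
        flagged = is_flagged(detectors, record)
        if flagged and is_intrusion:
            counts["TP"] += 1
        elif flagged:
            counts["FP"] += 1
        elif is_intrusion:
            counts["FN"] += 1
        else:
            counts["TN"] += 1
    tp, fp, fn, tn = (counts[k] for k in ("TP", "FP", "FN", "TN"))
    counts["detection_rate"] = tp / (tp + fn) if tp + fn else 0.0
    counts["false_positive_rate"] = fp / (fp + tn) if fp + tn else 0.0
    return counts


# Constructed self set: encoded normal records from the training window.
SELF_SET = ["00000000", "00000001", "00000011", "11111111"]

# Constructed test set: the normal records again, plus two anomalous encodings
# that share no 4 consecutive bits with any self record.
TEST_SET = [(s, False) for s in SELF_SET] + [("01010101", True), ("10101010", True)]


def run_demo():
    detectors = generate_detectors(SELF_SET)
    return detectors, evaluate(detectors, TEST_SET)


if __name__ == "__main__":
    dets, result = run_demo()
    print(f"{len(dets)} detectors survived negative selection")
    print(result)
```

Two properties hold by construction and are worth checking in any implementation of this loop: no surviving detector binds a self record, so records identical to the training set can never raise a false positive, and an antigen that itself survives negative selection is always detected because it is its own detector. Antigens that partially overlap self records fall between these cases, which is where the choice of R and the coverage of the detector set decide the FP/TP trade-off the table measures.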