IPSdNA: an Intrusion Prevention System disputing No-op Attacks

Abstract

In this paper, we present a real-time Intrusion Prevention Ssystem named IPSdNA (an Intrusion Prevention System disputing No-op Attacks), which is based on system call interception technique. In this system, users can describe attacking models in forms of state machine through a well-designed GUI interface. This system intercepts every system call invoked by application programs and tries to match any penetration pattern. Once there is an evidence showing some penetration is undertaking, the system can terminate the penetration process before injury. To improve detection accuracy, we developed an inspection model based on automata theorem and human-immunity concept. With the help of this enhancement, IPSdNA can solve several kinds of mimicry issues that are destined for pattern-matching IDS.