
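@comment{ MSU-CSE-05-16: author names stored in "Last, First" form so the
          style can abbreviate and sort them; MONTH uses the bare month macro
          rather than a quoted word; the curly quotes and em dash in ABSTRACT
          are written as LaTeX escapes so classic BibTeX sorts and typesets
          them correctly. PAGES is a page count, not a page range. The
          site-specific fields (AUTHOR1_URL, AUTHOR1_EMAIL, AUTHOR2_URL,
          AUTHOR2_EMAIL, FILE, CONTACT) are kept unchanged for the report
          database that reads them; note that FILE is a server-local absolute
          path, not a public link, so a public PDF link belongs in URL. }
@TECHREPORT{MSU-CSE-05-16,
  AUTHOR =        {Westran, Tim and Mack, Michael and Enbody, Richard J.},
  TITLE =         {The Last Line of Defense: a Host-Based, Real-Time,
                   Kernel-Level Intrusion Detection System},
  NUMBER =        {MSU-CSE-05-16},
  INSTITUTION =   {Department of Computer Science, Michigan State University},
  ADDRESS =       {East Lansing, Michigan},
  ABSTRACT =      {This paper describes a variation of a kernel-level Intrusion
                   Detection System (IDS). In particular, it is real time so it
                   could be described as an intrusion prevention system. In
                   addition to looking at system calls as others have done, we
                   also look at arguments to system calls as well as Process
                   IDs (PIDs) and parent PIDs. Also, we focus on the
                   ``lowest-common-denominator'' of attacks: elevation of
                   privileges. Together, that focus and enrichment of the data
                   dramatically reduces false positives---in fact, false
                   positives have been eliminated for the attacks we have
                   tested. Since our focus captures a class of host intrusions
                   our technique will also flag unknown but related attacks. We
                   tested the IDS with a variety of intrusions on a Linux
                   machine while in use by a user and flagged in real time all
                   the intrusions with no false positives.},
  KEYWORDS =      {intrusion detection system, security},
  NOTE =          {},
  MONTH =         may,
  YEAR  =         {2005},
  AUTHOR1_URL =   {},
  AUTHOR1_EMAIL = {westrant@cse.msu.edu},
  AUTHOR2_URL =   {},
  AUTHOR2_EMAIL = {mackmic1@cse.msu.edu},
  PAGES =         {18},
  FILE  =         {/user/web/htdocs/publications/tech/TR/MSU-CSE-05-16.pdf},
  URL   =         {},
  CONTACT =       {enbody@cse.msu.edu}
}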

