EXPLOIDS - Explicit Privacy-Preserving Host Intrusion Detection System
- Website
- Contact: Martin Beck
Description
Detection and investigation of IT-security incidents using a newly designed intrusion detection system
The EXPLOIDS (Explicit Privacy-Preserving Host Intrusion Detection System) project researches provable detection and investigation of security incidents using a reliable Host Intrusion Detection System (HIDS). It combines the advantages of network-based and host-based detection systems. Secure data collection is the basic building block for detecting attacks and enabling downstream incident investigation. The main goals of the resulting research are:
- Reliable and non-manipulable data collection across all software and hardware layers.
- Privacy-preserving storage and analysis of collected information and metadata.
- A meaningful visualization supporting incident detection and forensic analysis.
Data collection happens continuously across software and hardware layers. The sensors that extract data at the different layers and components are themselves secured so that attacks against them can be detected and mitigated. Secure sensors are achieved using a trusted hardware anchor, hypervisor modifications and operating system extensions that together build a chain of trust for all sensors. This mechanism detects manipulated sensors and counters adversarial attempts to hide attack traces.

Data analysis is performed on large data collections such as instruction traces, network communication or inter-process communication. Mechanisms for privacy-preserving storage in secure databases and privacy-protected evaluation ensure the confidentiality of sensitive information. The analysis further maps the collected data onto dynamic graphs and performs graph pattern detection to discover attack patterns. To support forensic analysis, meaningful visualization techniques are developed and integrated into the HIDS.