Skip to Main Content

IEEE.org| IEEE Xplore Digital Library| IEEE Standards| IEEE Spectrum| More Sites

Cart (Loading....) | Create Account | Sign In

Author Search^beta | Advanced Search | Preferences | | More Search Options

Browse Conference Publications > Information Assurance Worksho ...

Hidden processes: the implication for intrusion detection

Full Text Sign-In or Purchase

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Username

Password

Purchase PDF
Other Formats

Formats	Non-Member	Member
PDF	$31	$13

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

Already Purchased? View Article
Subscription Options Learn More

3 Author(s)

Butler, J. ; Dept. of Comput. Sci. & Electr. Eng., Maryland Univ., Baltimore, MD, USA ; Undercoffer, J.L. ; Pinkston, J.

We introduce a novel class of intrusion: the hidden process, a type of intrusion that will not be detected by an intrusion detection system operating under the assumption that the underlying computing architecture is functioning as specified. A hidden process executes in a manner that is unobservable by many of the operating system's accounting and reporting functions. We present a mechanism to hide processes. Additionally, we show how a hidden process may communicate with an external entity by piggybacking onto a legitimate network connection. We have implemented a mechanism that detects hidden processes and make recommendations calling for the separation of critical operating system functions from more general operating system functions.

Published in:
Information Assurance Workshop, 2003. IEEE Systems, Man and Cybernetics Society

Date of Conference: 18-20 June 2003

Page(s):: 116 - 121
Print ISBN:: 0-7803-7808-3
INSPEC Accession Number:: 7839547

Digital Object Identifier :: 10.1109/SMCSIA.2003.1232409
Product Type:: Conference Publications

Author(s)

Butler, J.
Dept. of Comput. Sci. & Electr. Eng., Maryland Univ., Baltimore, MD, USA
Undercoffer, J.L. ; Pinkston, J.

INSPEC: CONTROLLED INDEXING

computer crime

message passing

network operating systems

operating system kernels

INSPEC: NON CONTROLLED INDEXING

accounting function

computing architecture

hidden process detection

intrusion detection system

kernel module

legitimate network connection

operating system function

process communication

reporting function

IEEE TERMS

Computer architecture

Computer crime

Internet

Intrusion detection

Kernel

Operating systems

Security

Software engineering

Software systems

Referenced Items are not available for this document.

No versions found for this document.

Standards Dictionary Terms are available to subscribers only.

| Create Account

IEEE Account

Purchase Details

Profile Information

Need Help?

US & Canada: +1 800 678 4333
Worldwide: +1 732 981 0060
Contact & Support

IEEE Advancing Technology for Humanity

About IEEE Xplore | Contact | Help | Terms of Use | Nondiscrimination Policy | Site Map | Privacy & Opting Out of Cookies

A not-for-profit organization, IEEE is the world's largest professional association for the advancement of technology.
© Copyright 2013 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.