Skip to Main Content
SELinux, that has stricter access control mechanisms than traditional UNIX/Linux, is thought to be an effective solution for server-side fortification. Some of SELinux's behavior toward actual incidents shows its potential as an intrusion detection system (IDS), but, still, it is nothing more than a logging facility. Further improvements are needed for SELinux, not only to detect incidents but also to deal with them. This paper describes the autonomous defense functionality called "Linux Kernel based IDS" as well as its implementation.