apply clem comments

Arthur Grisel-Davy 2023-10-03 05:26:50 -04:00
parent 272e230c57
commit cf7d30e6a5
6 changed files with 23 additions and 21 deletions

@ -109,12 +109,12 @@ Supervisor: \> Sebastian Fischmeister \\
\begin{center}\textbf{Abstract}\end{center}
Most current Intrusion Detection Systems (IDSs) share the flaw of requiring the cooperation of the system to protect --- the target.
Whether the IDS is a software or hardware component, they don't perform the detection independently and require the target to execute a programm, use a component, or transmit resuts.
Whether the IDS is a software or hardware component, it does not perform the detection independently and requires the target to execute a programm, use a component, or transmit resuts.
In the case of a compromised target, this critical flaw allows attackers to avoid detection by forging input data, forging detection results, or bypassing the IDS altogether.
This design makes the result of the detection trustworthy only when the target is not compromised.
This observation leads to the conclusion that we cannot entrust machines to assess their own integrity.
To remain trustworthy, the IDS must be independent of the target and require no cooperation to perform the detection.
To remain trustworthy, the IDS must be independent of the target and not require cooperation to perform the detection.
The main challenge with such a system is collecting relevant data.
The main example of such a system are Network-based IDSs (NIDSs).
NIDSs exhibit complete independence, but their input data --- network communication from the machine --- is only relevant for a small subset of attacks.
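Review bot: The rewritten abstract sentence "Whether the IDS is a software or hardware component, it does not perform the detection independently and requires the target to ..." still carries two misspellings from the line it replaces: "programm" should be "program" and "resuts" should be "results". Since this change already fixes the agreement in that sentence, correct both in the same edit. In the unchanged context further down, "The main example of such a system are Network-based IDSs (NIDSs)." has a subject-verb mismatch; "The main examples of such a system are Network-based IDSs (NIDSs)." would read correctly.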