Evaluating Attack Resiliency for Host Intrusion Detection Systems

Host intrusion detection systems (HIDSs) areimportant tools used to provide security to computer
systems. Many HIDSs exist and security practitioners
need a way to determine the optimal security solution for
their environment. Current evaluations of HIDSs focus
on detection accuracy and typically do not account for
the possibility that an adversary may subvert the HIDS
and modify the outcome. As some elements from the
HIDS need to reside within the system under supervi-
sion, evaluating the strength against HIDS subversion is
critical.
This paper defines HIDS subversion and presents
HIDS resiliency as a metric of HIDS strength in the
event of an attack against the system being supervised.
To estimate HIDS resiliency, we evaluated the inde-
pendency between the system being supervised and the
HIDS. Then we integrated resiliency into current frame-
works to evaluate detection accuracy.