Evaluating Attack Resiliency for Host Intrusion Detection Systems
Source: University of Maryland
Host Intrusion Detection Systems (HIDSs) are important tools for securing computer systems. Many HIDSs exist, and security practitioners need a way to determine the optimal security solution for their environment. Current evaluations of HIDSs focus on detection accuracy and typically do not account for the possibility that an adversary may subvert the HIDS and modify the outcome. Because some elements of the HIDS need to reside within the system under supervision, evaluating a HIDS's strength against subversion is critical. This paper defines HIDS subversion and presents HIDS resiliency as a metric of HIDS strength in the event of an attack against the system being supervised.