A Protection Mechanism for an Intrusion Detection System Based on Mandatory Access Control

Research regarding intrusion detection systems (IDSs) has become more active with the recent increases in illegal accesses to computer systems. Many researchers focus only to the techniques or mechanisms for detecting intrusions automatically, without considering the security of IDSs themselves. When an intruder attacks and breaks into a system, he or she often deletes system logs and stops auditing processes. Thus, the security of an intrusion detection system is an important aspect of intrusion detection. In this paper, we examine security functions to protect IDSs. We design and implement a mechanism to protect IDSs by use of the traditional mandatory access control method. This mechanism of protecting IDSs is based on Low Water-Mark mandatory access control with the addition of a limited access mode, allowing the protection of the IDS itself from intruders.