Session C10 Paper 224

Disclaimer—This paper partially fulfills a writing requirement for first year (freshman) engineering students at the University of Pittsburgh Swanson School of Engineering. This paper is a student, not a professional, paper. This paper is based on publicly available information and may not provide complete analyses of all relevant data. If this paper is used for any purpose other than these authors’ partial fulfillment of a writing requirement for first year (freshman) engineering students at the University of Pittsburgh Swanson School of Engineering, the user does so at his or her own risk.

HOST INTRUSION PREVENTION SYSTEMS: A NEW PARADIGM FOR CYBER SECURITY

Prateek Bhatt, [email protected], Sanchez, 17:00
Shubham Bhatt, [email protected], Sanchez, 17:00

Abstract—Cyber security or IT security, also known as computer security, is the protection of computer systems from theft of or damage to their hardware, software or the information on them, as well as from disruption or misdirection of the services they provide. This security can be attained by means of complex Intrusion Prevention Systems (IPS), which essentially cover the complete process of identifying and responding to malicious activities targeted at computing and network resources. In this paper, we discuss Host Intrusion Prevention Systems (HIPS) and compare their infrastructure and working to other technologies which provide cyber security. Comparing HIPS to other security technologies like Intrusion Detection Systems (IDS), Network Intrusion Prevention Systems (NIPS), and antivirus/antispyware, we strive to differentiate between them by discussing the infrastructure and the reasoning they follow. The moral and ethical implications, correlated with the moral and economic sustainability achieved by HIPS, are an integral part of the paper.
Also, concluding that HIPS is by far the most plausible solution, we give some insights into the need for cyber security and the further development of existing systems in the future, which goes hand in hand with moral and economic sustainability.

Key Words—Behavioral analysis of HIPS, cyber security, Host Intrusion Prevention Systems, HIPS using signature file method, IBM Proventia desktop endpoint security and its application, McAfee Host Intrusion Prevention for Desktop, economic and moral sustainability, NAE Grand Challenges for Engineering, Network Intrusion Prevention Systems.

University of Pittsburgh Swanson School of Engineering
Submission Date: 03.03.2017
Social and Economic Challenges

Cyber security is becoming a necessity in all environments, including home and enterprise. For instance, according to U.S. News, hackers cost consumers and firms $445 billion annually, and this exponentially increasing cost indirectly results in a loss of 200,000 jobs in the United States alone [3]. This example thus supports our call for the development and enhancement of cyber security. Moreover, every cyber attack has a significant impact on banking institutions, digital property, and the economy. In fact, one needs to consider many facets beyond the monetary ones, such as social impacts, which result in a loss of trust, confidence, and a sense of freedom. Thus, this description and introduction of cyber security is followed by an extensive clarification of existing cyber security technologies, which not only helps to mitigate the effects of cybercrime but also provides valuable insight into how they work.

CYBERSECURITY: A RISING NECESSITY

According to the National Military Strategy for Cyberspace Operations, cyberspace is “a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify and exchange information via networked information systems and physical infrastructures” and can conventionally be described as anything associated with the internet and the diverse internet culture [1]. Thus, all events or activities occurring on the internet take place in cyberspace. Over the past several years, cyberspace has been under attack. Our privacy, with our increased dependence on an information-laden society, is at stake, and new threats such as distributed denial of service (DDoS) attacks continue to emerge, which give a basis for defining ethics in the cyber world. Moreover, the paradigm shift to an information age, where economies are based on information, has simultaneously generated new ethical and juridical problems, mainly related to issues such as the right of access to information, the right of privacy, which is threatened by the emphasis on the free flow of information, and the protection of the economic interests of the owners of intellectual property [2]. Cyber security is the combination of IDS, which provides visibility, and IPS, which provides control; these were further developed and designed to overcome their shortcomings. The newer systems are HIPS, which provide security to the host computer, and NIPS, which provide security to the network used by the computer. Essentially, an infringement of cyber security creates social and economic challenges, which are a derivative of hacking and its resulting consequences, and are a rising concern.

HIPS AND ITS FRAMEWORK

A Host Intrusion Prevention System, which keeps intruders out of the host from the network layer all the way up to the application layer, is a technology which, combining all the other systems like firewalls, Intrusion Detection Systems (IDS), and antivirus, evaluates traffic before data enters a computer. This coalescing significantly reduces the total cost of ownership: instead of paying for three to four types of security technology licenses every term, an organization only needs to pay for one. HIPS and firewalls are very closely related. A firewall examines the traffic to and from a system based on a definite set of rules; HIPS do a very similar thing but can also make changes on your computer, which a firewall cannot. HIPS can protect against known and unknown dangerous threats. In the case of a malicious attack attempt by any hacker or malware, HIPS take appropriate actions like blocking the action and alerting the user to the attack. HIPS can guard against many threats and changes which malware might want to make. Some of them are: preventing hackers and malware from taking control of programs on the computer, like the email client or internet browser, to download more malicious programs; stopping malware from making any change to important registry keys which start programs at certain events; restricting malware from ending other programs already installed on the computer, like an antivirus; not allowing the installation of other devices and drivers which can get started before other programs and change the behavior of preinstalled programs; and stopping malware from accessing process memory so that it can insert malicious code into a trusted program [4]. HIPS provide users with multiple layers of security, such as protection against local and network-based attacks like an IPS and protection against application-based attacks like an antivirus. According to Corman from IBM Security, “HIPS is like an airport security checkpoint. A variety of technologies look for multiple types of threats, including checking bags and people for weapons and chemical residues, and utilizing facial recognition software to identify wanted individuals” [5].

The following example will help us to understand the functioning of HIPS better. Suppose an attacker wants to attack an organization and corrupt the data files of the company. He will carry out a buffer overflow so that his malicious code can run in the memory space of the kernel and change the behavior of the computer accordingly, resulting in the replacement of data with corrupt data files and sometimes even crashing the whole computer. To prevent this type of activity, the HIPS solution will review the system call and compare it to either a list of signatures or a list of known good behaviors. If the HIPS solution identifies the call as malicious, it does not allow access. Vendors can use one or both approaches in their products [6]. Delving deeper into the subject at hand, HIPS technology uses behavioral analysis to prevent worms, viruses, Trojans, and spyware [7]. Inserting itself into the operating system kernel, HIPS monitors the received and delivered data packets on the network [7]. It learns how the applications work and notifies the user as soon as there is any unfamiliar data transfer. Also, since it is anomaly based and not signature based, it is more likely to stop zero-day attacks or unknown and new-patterned attacks. Therefore, HIPS can cover most attack vectors.

Signature and Behavioral Analysis

Per TechGenix, which is an online magazine about the latest technology news and articles, “A signature based security filter operates somewhat like a law enforcement officer who seeks to identify criminals based on their modus operandi, or mode of operation. Specific actions and/or code sequences are compared against a database of known signatures, or predefined strings in code that are indicative of malware.” On the other hand, behavioral analysis is defined by TechGenix as “Heuristic algorithms that are often used to identify anomalies, by analyzing past network traffic, email, etc. and comparing it to current patterns or by analyzing the structure of the code itself. Heuristic engines today are typically rule-based, and heuristic engines can “learn” from previous experiences and build new rules accordingly” [8].

An antivirus has two main techniques to scan for viruses: signature based and behavior based. Malware and viruses have signatures like humans have. Some of them have static signatures while others can change their signatures and try to avoid being detected by an antivirus. For static signatures, an antivirus has a predefined set of known signatures, and while scanning it compares the predefined signatures and tries to match them with the signatures of viruses. If the signatures match, the file is classified as a threat and the user is notified to take further necessary action. This is the signature based detection method. So, when you update your antivirus, the list of known predefined signatures is expanded with the inclusion of newly known signatures to provide protection against new threats. But hackers have become smarter with time, and to evade signature based security they code viruses in such a way that they can change their signature and try to harm your system, fooling the signature based antivirus. So, to overcome this problem, experts came up with and started using behavioral analysis instead of signature analysis to identify threats. For example, imagine you are a burglar and are planning to break into a house. You try to gain as much information as possible about the house and its residents by using surveillance. Then you go to a weapons shop to pick up a weapon that can be used 'just in case'. Your behavior is suspicious, as you have been planning it and surveilling the house and its residents. You reach the store and there are the police with handcuffs. Your behavior was analyzed by the police and you were busted. Now, imagine the police as an antivirus and the burglar as the virus. The 'behavior' based antivirus works in the same way. It tries to identify the 'behavior' of a file. For example, consider an mp3 file trying to modify a system file or something similar, which is unacceptable under normal circumstances. An antivirus will mark it as 'dangerous behavior' and hence classifies it under the 'threat' category [9]. The antivirus analyzes the behavior of the file and then classifies it, giving it a red or green light.
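As an added illustration of the two techniques described in this subsection, and of the host-side protections listed under HIPS AND ITS FRAMEWORK, the following Python program is example code written for this page; it is not code from any antivirus or HIPS product named in the paper. It runs constructed events through a made-up signature database and then through behaviour rules of the kind the text describes (a non-executable file touching a system path, a write to an autorun registry key, killing a security process, loading a driver, writing into another process's memory). The signature byte strings, paths, registry key, process names and file types are all assumed sample values.

```python
"""Signature-based and behaviour-based inspection side by side (added example)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed signature database: made-up byte patterns standing in for the
# "predefined strings indicative of malware" the text describes. Not real malware.
SIGNATURES = {
    "Dropper.Constructed.A": b"DRP-A::pull-stage2",
    "Worm.Constructed.B": b"WRM-B::scan-port-25",
}

# Assumed sample values for the behaviour rules; a real product ships its own lists.
SYSTEM_PATHS = ("C:\\Windows\\", "/usr/lib/", "/etc/")
AUTORUN_KEYS = ("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",)
SECURITY_PROCESSES = ("antivirus.exe", "hipsagent.exe")
NON_EXECUTABLE_TYPES = ("mp3", "jpg", "txt", "pdf")


@dataclass(frozen=True)
class Event:
    """One observed action on the host, as a HIPS hooked into the kernel would see it."""
    actor: str       # process or file performing the action
    actor_type: str  # file type of the actor, e.g. "exe", "mp3", "sys"
    action: str      # write_file | write_registry | kill_process | load_driver | write_process_memory
    target: str      # path, registry key or process name acted upon


def scan_signatures(payload: bytes) -> Optional[str]:
    """Signature check: return the name of the first matching signature, else None."""
    for name, pattern in SIGNATURES.items():
        if pattern in payload:
            return name
    return None


def check_behaviour(event: Event) -> Optional[str]:
    """Behaviour check: return the violated rule, or None when the action fits known-good behaviour."""
    if (event.action == "write_file" and event.actor_type in NON_EXECUTABLE_TYPES
            and event.target.startswith(SYSTEM_PATHS)):
        return "non-executable file type modifying a system file"
    if event.action == "write_registry" and event.target.startswith(AUTORUN_KEYS):
        return "modification of an autorun registry key"
    if event.action == "kill_process" and event.target.lower() in SECURITY_PROCESSES:
        return "attempt to terminate a security product"
    if event.action == "load_driver":
        return "installation of a driver that starts before other programs"
    if event.action == "write_process_memory":
        return "writing into another process's memory (code injection)"
    return None


def inspect(event: Event, payload: bytes = b"") -> Tuple[str, str]:
    """Apply both approaches, as the text says vendors may: signatures first, then behaviour."""
    signature = scan_signatures(payload)
    if signature is not None:
        return "block", "signature match: " + signature
    rule = check_behaviour(event)
    if rule is not None:
        return "block", "behaviour rule: " + rule
    return "allow", "no signature match; behaviour within known-good profile"


def demo() -> List[Tuple[str, str, str]]:
    """Constructed sample events; returns (actor, verdict, reason) for each."""
    run_key = AUTORUN_KEYS[0] + "\\Updater"
    samples = [
        # known dropper: caught by its signature before it acts
        (Event("dropper.exe", "exe", "write_registry", run_key), b"hdr DRP-A::pull-stage2 tail"),
        # the same dropper with its bytes changed (the evasion the text describes): the
        # signature misses, but persisting through the autorun key is still blocked
        (Event("dr0pper.exe", "exe", "write_registry", run_key), b"hdr DRP-A::pull_stage2 tail"),
        # the mp3 example from the text: a media file touching a system file
        (Event("song.mp3", "mp3", "write_file", "C:\\Windows\\System32\\drivers\\etc\\hosts"), b""),
        # ordinary activity: an editor saving into the user's own folder
        (Event("notepad.exe", "exe", "write_file", "C:\\Users\\alice\\notes.txt"), b"plain text"),
    ]
    return [(ev.actor,) + inspect(ev, data) for ev, data in samples]


if __name__ == "__main__":
    for actor, verdict, reason in demo():
        print(f"{actor:12} {verdict:5} {reason}")
```

The second sample is the point of the subsection: once the dropper's bytes change, the signature database is silent and only the behaviour rule stops it. The autorun-key rule also fires for a legitimate installer, which is why the products discussed later in the paper prompt the user at exactly this point rather than blocking silently.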
APPLICATION OF HIPS

As an epitome of providing unprecedented levels of protection from known and unknown zero-day threats, which are undisclosed attacks being used for the first time that have never been reported or caught, McAfee Host Intrusion Prevention for Desktop software, an integral product of the Intel Security endpoint suites, combines signature and behavioral Intrusion Prevention System (IPS) protection [10]. Thus, it serves as an excellent system protection product for individuals and companies. Another product, IBM Proventia desktop endpoint security, is extensively used to demonstrate the implementation, configuration, and tuning of an enterprise HIPS. Designed for easy integration with an existing corporate infrastructure, including interoperability with Active Directory, most e-mail and Web clients, and popular antivirus and Virtual Private Network (VPN) software, IBM Proventia desktop endpoint security also automatically protects desktops and laptops against known and unknown threats, hackers and other improper activity on the desktop [11]. Moreover, the desktop systems running the software get a multilayered architecture which blocks attacks by scanning system-critical files, folders, and registry keys, helping to protect against any unwarranted modification. Since we have discussed at length the working and architecture of HIPS, it is also necessary to learn about its installation, as both go hand in hand. Hence, the next section of our paper focuses on the application and the entire setup of HIPS in an enterprise.

Setup of HIPS in an enterprise

Generally, the settings of a HIPS govern the overall behavior of the component, while the rules tend to provide direction in the way the system has to be protected. Implementing and configuring HIPS for an enterprise can be a rather tedious task, and it requires a thorough understanding of how the network is designed, how the applications are used and how they function. Most HIPS systems are managed from a centralized management console; Proventia Desktop, for example, is managed by SiteProtector, whose Agent Manager enables the security administrator to control what the agents will deny and permit on each workstation [5]. Another feature of Proventia Desktop is the flexibility to set different filtering rules: filtering by IP type, IP address, UDP, TCP, ICMP, or a custom filter [5]. To illustrate, if the agent on a workstation tries to communicate over a port, say 2035, and connect to the server, the IP address of the server and the port will have to be permitted under the UDP and TCP rules in every group, as shown in Figure 1.

FIGURE 1 [5]
A display of the Proventia SiteProtector

For configuration, one needs to create groups, and if every computer has the same rules and policies, one would need only a single group. For companies that have mobile or remote workers, HIPS are very useful, as HIPS can provide relatively the same level of protection as internal workstations; also, a VPN policy for mobile laptops can be created to make sure they are updated and running [5]. This feature allows a specific department of a company to create a policy to only allow certain devices with certain ports over their VPN. It is also advisable to make a narrow, restrictive policy such that only the required members of the department are allowed access, in order to bolster the security provided. Next, in configuration, one would have to test the communication that occurs on a workstation, and then deploy the agents to the workstations. One shouldn't deploy all the agents at once, so that if anything goes wrong the workstations will still be protected [5]. If everything runs smoothly over a period of some days, one can deploy the rest of the agents to the workstations, as the software is functional.

Now, tuning HIPS takes time, as one needs to make sure that there are no false positives because of a poor setup of the system. Thus, while tuning, one should baseline the alerts and begin checking high severity alerts, working down to low severity alerts, as shown in Figure 2 [5]. Doing so helps to eliminate any false alarms and find the relevant ones. For example, if there are a lot of alarms for Windows attacks being triggered and there are only Linux or Unix operating systems in use, these are obviously false positives that do not need to be investigated, and the signatures could be turned off. Another example is if SNMP or DHCP is being used in the network and its traffic is traversing the network all the time, triggering a lot of alerts [5]. Also, one can always tune the alarms to one's needs and, on a Unix operating system, set such alerts as low or medium alarms. To exemplify, Proventia Desktop provides a few default signatures which have the option to enable, disable, block or override the block for each signature, which serves to reduce the time spent investigating false positives that are triggered repeatedly [5].

FIGURE 2 [5]
Overall process of implementing, configuring, and tuning HIPS
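As an added example for this section (not code from Proventia Desktop, SiteProtector or any other vendor named in the paper), the following Python program models the two halves of the setup described above: group rules that must explicitly permit the agent's traffic to the management server on port 2035 alongside a narrow VPN-laptop policy, and the tuning step that disables signatures which cannot apply to the operating systems actually in use (the Windows-alerts-on-a-Linux-estate case) and then works through the remaining alerts from high to low severity. The server address, VPN gateway, signature identifiers, host names and alert list are constructed sample values.

```python
"""HIPS group rules and alert tuning (added example, not vendor code)."""
import copy
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One filtering rule: protocol, remote address or CIDR block, port, and action."""
    protocol: str          # "tcp", "udp" or "icmp"
    remote: str            # single address or CIDR block, e.g. "10.0.5.20/32"
    port: Optional[int]    # destination port; None matches any port (ICMP has none)
    action: str            # "permit" or "deny"

    def matches(self, protocol: str, remote_ip: str, port: Optional[int]) -> bool:
        if self.protocol != protocol:
            return False
        if ipaddress.ip_address(remote_ip) not in ipaddress.ip_network(self.remote, strict=False):
            return False
        return self.port is None or self.port == port


@dataclass
class Group:
    """A console-style group: every workstation in it shares these rules."""
    name: str
    rules: List[Rule] = field(default_factory=list)
    default_action: str = "deny"   # applied when no rule matches

    def decide(self, protocol: str, remote_ip: str, port: Optional[int]) -> str:
        """First matching rule wins; otherwise the group's default applies."""
        for rule in self.rules:
            if rule.matches(protocol, remote_ip, port):
                return rule.action
        return self.default_action


@dataclass
class Signature:
    """A detection signature with the enable/disable switch the text mentions."""
    sig_id: str
    name: str
    platforms: frozenset   # OS families the attack can affect
    severity: str          # "high", "medium" or "low"
    enabled: bool = True


SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


def tune_for_platforms(signatures: Dict[str, Signature], platforms_in_use: set) -> List[str]:
    """Disable signatures whose attacks cannot affect any OS in use; return the ids switched off."""
    disabled = []
    for sig in signatures.values():
        if sig.enabled and not (sig.platforms & platforms_in_use):
            sig.enabled = False
            disabled.append(sig.sig_id)
    return disabled


def triage(alerts: List[Tuple[str, str]], signatures: Dict[str, Signature]) -> List[Tuple[str, str, str]]:
    """Keep alerts from enabled signatures only and order them high to low severity.

    Each alert is (sig_id, host); the result is (severity, sig_id, host), with the
    original order preserved inside each severity band (Python's sort is stable).
    """
    kept = []
    for sig_id, host in alerts:
        sig = signatures.get(sig_id)
        if sig is None or not sig.enabled:
            continue
        kept.append((sig.severity, sig_id, host))
    kept.sort(key=lambda a: SEVERITY_RANK[a[0]])
    return kept


# ---- Constructed sample configuration and alerts (assumed values) ----
MANAGEMENT_SERVER = "10.0.5.20"     # the server the agents report to
AGENT_PORT = 2035                   # the port used in the text's example

WORKSTATIONS = Group("Workstations", [
    Rule("tcp", MANAGEMENT_SERVER + "/32", AGENT_PORT, "permit"),   # agent-to-server traffic
    Rule("udp", "10.0.5.0/24", 53, "permit"),                        # internal DNS
])
VPN_LAPTOPS = Group("VPN laptops", [
    Rule("tcp", MANAGEMENT_SERVER + "/32", AGENT_PORT, "permit"),
    Rule("tcp", "203.0.113.10/32", 443, "permit"),                   # the VPN gateway only
])

SIGNATURES = {
    "WIN-SMB-01": Signature("WIN-SMB-01", "Windows SMB exploit attempt", frozenset({"windows"}), "high"),
    "SNMP-01": Signature("SNMP-01", "SNMP community string probe", frozenset({"windows", "linux"}), "medium"),
    "UNIX-RSH-01": Signature("UNIX-RSH-01", "rsh login attempt", frozenset({"linux", "unix"}), "low"),
}
SAMPLE_ALERTS = [("WIN-SMB-01", "lx-web-01"), ("SNMP-01", "lx-web-01"), ("UNIX-RSH-01", "lx-db-02"),
                 ("WIN-SMB-01", "lx-db-02"), ("SNMP-01", "lx-db-02")]


def run_tuning() -> Tuple[List[str], List[Tuple[str, str, str]]]:
    """Tune a Linux/Unix-only estate and triage the sample backlog, without mutating the globals."""
    sigs = copy.deepcopy(SIGNATURES)
    disabled = tune_for_platforms(sigs, {"linux", "unix"})
    return disabled, triage(SAMPLE_ALERTS, sigs)


if __name__ == "__main__":
    print(WORKSTATIONS.decide("tcp", MANAGEMENT_SERVER, AGENT_PORT))
    print(run_tuning())
```

With the sample data the Windows SMB signature is switched off because only Linux and Unix hosts exist, which removes two of the five alerts; the remaining three come back medium first, then low, the order the text recommends working through. The groups default to deny, which is what the text implies when it says the server address and port must be explicitly permitted; setting default_action to "permit" instead models the permit-unless-explicitly-disallowed behaviour the paper later attributes to IPS in general.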
AN ANALYSIS AND COMPARISON OF OTHER PREVENTION SYSTEMS

Threat management is the top priority these days. Be it e-commerce websites, online banking, or other high profile applications, every organization wants to avail itself of the best possible protection against unauthorized entry. So, the idea of security from intrusion can be represented by a formula provided by Intrusion.com: Security = visibility + control, as shown in Figure 3 [12].

FIGURE 3 [20]
The flow chart depicting Security and its Components

This formula is the basis for the security of a network. The visibility of a network can be related to IDS. IDS provide us with active visibility of what is happening on our networks as it takes place, as well as the ability to store this information for future use. Visibility through IDS makes it possible to create a security policy based on real network data. The other component of security is control, which is covered by IPS. IPS technology provides an active ability to control, which makes it possible to enforce the security policies [12]. The combination of both these technologies is a perfect solution for most mid to large sized organizations. They both, along with new technologies, combine and contribute partially towards the making of HIPS.

Intrusion Detection System

A protocol analyzer is a tool that a network engineer uses to look deep into the network and see what is happening. A good analogy is to compare IDS with a protocol analyzer [13]. IDS are placed on the side of a network to monitor traffic at many different points and provide visibility into the network. IDS look deep into the network from a security point of view. Most companies install IDS devices in the perimeter, either between the firewall and the border router or outside of the border router. Also, many companies go an extra mile by installing IDS outside of the firewall and border router so that they see the full breadth of attempted attacks against them. Another approach is to deploy IDS both inside and outside of the perimeter devices, so that it can be confirmed whether or not a potential attack which was seen outside of the perimeter has successfully made it past the firewall and border routers to the inside. This approach requires more resources, but it provides a clearer picture of the security. Some companies also deploy IDS devices in an out-of-band architecture, that is, the IDS sits on shared media. In this position, IDS devices capture as many data packets as they can and report back to a management console.

Another way is to deploy IDS on the perimeter in what is called in-line deployment, which ensures all data coming into and leaving the network passes through this device prior to continuing into the corporate network. Other devices that sit in the same position are routers and firewalls. Having IDS in this position has a downside: if the device fails or malfunctions, all data will either continue to enter without any visibility or it will stop entering the network until the IDS is fixed or replaced. The former exposes the company's network to all potential attackers, as the traffic is allowed into the network without being monitored. For larger companies like Google, which require full visibility into network traffic, a common method is to deploy IDS at all primary network points, internally and externally. This method ensures the visibility needed to track down internal threats as well as outside threats, considering that one of the greatest threats comes from insider threats like aggrieved or curious employees. The biggest drawback of IDS deployment is the performance factor. IDS are designed to capture the greatest amount of data, but even with higher performance components and updated software, IDS tend to drop data packets due to the high bandwidth of network devices. So, on a larger network, one needs to increase the number of IDS devices to monitor all the segments of the network.
This means that the total cost of setting up and maintaining the IDS can be very high. Also, IDS sometimes generate false positives even when the network is not under attack. Another major problem with IDS deployments is capturing encrypted data packets. Currently, IDS cannot decrypt data packets, and this stops security administrators from seeing what is coming into and going out of the corporate network. Moreover, with the growth in encrypted data streams like Virtual Private Networks (VPN), the need for another solution like IPS at the perimeter is becoming more and more important. Usually, firewalls and antivirus try to block attacks and IDS helps in identifying them. IDS can evaluate traffic that passes through open ports but cannot stop it, so the intrusion prevention system comes into play to actively block attacks [14].

Intrusion Prevention System

Neil Desai from Symantec Corporation defines IPS with this statement: “You blended your Intrusion detection system with my firewall! No, you blended your firewall with my Intrusion detection system! Either way, when you combine the blocking capabilities of a firewall with the deep packet inspection of an Intrusion detection system, you get the new kid on the block: Intrusion prevention systems or IPS” [15]. Some groups also suggest that IPS is an evolution of IDS and that eventually it will take over and IDS will disappear. IPS are devices or programs that detect intrusions into the network and take certain actions like generating alarms and/or blocking intrusions. Usually, IPS are in the form of hardware devices or software agents running on servers. A firewall is designed to block all network traffic except that which is explicitly allowed, whereas an IPS is designed to permit everything except that which is explicitly disallowed [16]. It is easier to understand with the analogy of a security guard outside a lobby, who permits people to enter based on who they are. The guard permits the mail carrier and the package courier to bring letters and packages into the lobby, but the guard does not examine the contents of the packages or letters. In the mailroom, a mail clerk opens all the letters and packages and examines them. In this analogy, the guard is a firewall, who permits personnel to come and go but does not examine the contents of the packages. The mailroom clerk is an IPS, because the clerk is examining the contents of each letter and package [16]. IPS is placed in line with the traffic flows on a network map, which helps it to shut down attempted attacks. It stops attacks in various ways, like terminating the network connection, ending the user session where an attack originated, blocking access to the target from the user's system or IP address, or blocking every access to the targeted element. Also, it can respond in various ways to an attack. IPS can reconfigure a firewall or router to block an attack. Some IPS can also apply patches by analyzing the host's vulnerabilities. For example, IPS can protect from malicious content like an infected email attachment before letting it pass through the network to the user [17]. IPS has two main types: HIPS and Network Intrusion Prevention Systems (NIPS). NIPS solutions evaluate traffic before it is allowed into a network or subnet. HIPS solutions evaluate packets before they are allowed to enter a computer [6].

Unification of Intrusion Prevention System and Intrusion Detection System

As IDS and IPS are placed at different spots on the network map, they can and should be used concurrently. An IPS placed in line with the traffic flow helps to stop zero-day attacks, such as worms and viruses, and even the newest threats coming up every single day, with rigorous tuning. At the same time, an IDS installed inside the firewall on the network map monitors data internally, guarding against an internal threat. Together, both systems combine to lend greater visibility and control over security events. The idea of using both systems together is not usually adopted by many corporations, as it is not cost friendly. As IPS and IDS do not generate any income directly, it becomes hard to justify the expense. However, without the visibility and control of the network provided by IPS and IDS, there is a potential increase in costs associated with intrusion into the network and loss of important or confidential data. Over time, many companies are coming to use these systems together, as they have begun to realize that the advantages associated with these technologies are far above the cost to set them up. However, even though there are many advantages to using both these technologies together, they are not enough to protect a system from every possible attack, as new, superior attacks are coming up with every single passing day.

Superior Technologies than IDS and IPS

Today, cyber security is undergoing a renaissance in terms of providing better security, with many technologies emerging or developing in the area. In comparison to other existing technologies like IDS, Network Intrusion Prevention Systems (NIPS), and antivirus/antispyware, HIPS is perhaps the best of them and undoubtedly a boon to cyber security. HIPS, as compared to IDS, is a better option: even though IDS has the capability to tell what happened on the network, it cannot stop the attack from taking place; it waits for the attack to happen before sending out an alert about the intrusion [5]. So, HIPS are better than IDS for security. NIPS is better than IDS as it can stop attacks, but it is very limited in its purpose as compared to HIPS. NIPS sometimes deny legitimate traffic, thinking that it is an intrusion and malicious.
Moreover, both NIPS and IDS, unlike HIPS, cannot see encrypted traffic on the network, as they cannot see what is inside these files and cannot stop or alert on any encrypted files. Moreover, when compared to antivirus and antispyware, HIPS are more efficient: even though antivirus scans for viruses, trojans, worms, and spyware, it still relies on signatures of attacks; it lacks the ability to stop unknown attacks which can hurt the system, while HIPS protects a system in all the other ways that other types of protection cannot [6]. Thus, most companies and homes need to use HIPS. The main risk involved with using HIPS is a wrong user decision due to improper or lacking knowledge. HIPS keep track of the changes that other software makes on your system. For example, HIPS track all the changes made to the registry key from which programs start at boot up, but there are many other programs that use this key as well, so when they try to make any change to the registry key, HIPS prompts the user to allow or block the change. Usually, most users hit allow, especially if they are trying to install a new program, because of improper or no knowledge of the change being made. Sometimes HIPS suggest what other users typically chose in that same case. So sometimes HIPS can identify a threat only if the response from the user is well informed and correct from the safety point of view. If the user makes a mistake in selecting a response to the popup alert, the computer can still become infected and the purpose of HIPS will not be fulfilled [4].

Thus, by implementing, configuring, and tuning, one can set up the necessary HIPS in a business enterprise or even in our homes; Figure 2 summarizes this entire process from beginning to end.

SOCIAL AND ETHICAL IMPLICATIONS

Looking at the bigger picture, one needs to realize that these very technologies have impacted our lives on so many levels. The technologies or software that make the decrypting of digital information difficult can be exploited by cyber criminals to create an alias or to have profiles that are difficult to access. Often, this raises questions about ethics and morals. Ethics, essentially, is the questioning and examining of what is good or bad in terms of human actions. The ethical and privacy implications of cybercrime have effects on both an individual and a social level. On an individual level, a breach of privacy leads to a loss of dignity, privacy, and autonomy; on a social and economic level, it leads to the growth of large information businesses like credit bureaus and telecommunication companies that specialize in the processing and trade of person-related information. This brings about a redefinition of the role of society (big businesses) in the personal and private lives of the individual (the use of personal information as a commodity) [2]. Therefore, apart from distinguishing a breach of privacy, we need sets of guidelines and extensive ethical norms which will prevent the manipulation of information by means of technology. In essence, one should realize the great overlap between cybercrimes and ethics, which will not only make us more aware but also help us share the responsibility. Now that we understand the infrastructure, applications, and implications of cyber security and its techniques, the next section provides a brief outlook.

SUSTAINABILITY

However, what if we do not take the indispensable step of formulating laws and guidelines against cybercrimes, and fail to spread awareness of the correlation between cybercrimes and ethics? The entire cyber infrastructure, encompassing all the information from health records, economic security, technologies enhancing warfare, patented medicines and vaccines to social identities and valuable experimental and classified data, would go down the road of vulnerability and collapse. This eventual, yet inevitable, collapse would be a pitfall of the cavalier attitude towards augmenting cyber security and of escaping the collective responsibility to fight cybercrimes, rather than of an inefficient cyber security system. Moreover, the stakes are high, to say the least, considering that various war technologies and data could fall into the hands of terrorist organizations, endangering not only a nation but the entire human race. Thus, a collapsing cyber infrastructure would jeopardize our lives through the dilution of sustainable life. In fact, the essential meaning of technology, which is the science of applied knowledge aimed at making our lives easier, would ironically be given away when it comes to risk that very sustainable, comfortable life. Moreover, technology, and in particular cyber security technologies, and sustainability go hand in hand, an intersection we often fail to realize or tend to define in our own various ways. A multifaceted definition depending on the interpretation of the audience, sustainability is lucidly narrowed by the UN's World Commission on Environment and Development (UNCE) to "satisfying the needs of the present generation without compromising the ability of future generations to meet their own needs" [18]. This definition resonates with the idea of cyber security technologies like HIPS, which help sustain cyber information by attenuating or preventing cyber attacks. Cyber information, in a nutshell, is an entire world of data essential to all individuals, enterprises and the economy as a whole, and as dependence on it increases, it will continue to become a critical part of our lives and of the activities needed to sustain them. Imagine: without the sustainability of safe cyber information, all our personal information could be leaked and our privacy would be compromised. Delving deeper, envision our mobiles and laptops incapable of processing, transferring or modifying data, and the futuristic self-driving cars, which if hacked would be driven by the attacker, unable to make decisions like speed, direction, and control. Would you sit in such a car or use such a phone? Obviously not. Cyber attacks are thus capable of rendering all the electronics running in our houses inept or useless. Thus, HIPS, as a technology, would play an integral part in consolidating social sustainability by protecting against unwarranted attacks. However, HIPS incorporated in IBM Proventia Desktop Endpoint Security is capable of preserving not only social sustainability but economic sustainability too. Inexpensive in comparison to the output delivered, and by far proficient in handling various cyber attacks, HIPS saves firms millions of dollars, which is a plus. This makes it economically viable, due to its fair price, and hence available to groups and individuals; together with the fact that it saves millions of dollars, it is in a true sense an economically sustainable technology. Thus, HIPS, fulfilling the definition of moral and economic sustainability, will improve the quality of our lives by providing for and securing the future of the cyber-information-based era. However, even though HIPS can cover most attack vectors, it is not perfect: with the increase in technological advances, hackers tend to develop systems to infiltrate and break a system's security layer. This will continue to sabotage our sustainability in every way possible, and it is essential for engineers to step up to their duty.

REFERENCES

[1] http://ctnsp.dodlive.mil/files/2014/03/cyberpower-i-chap02.pdf. pp. 24-42.
[2] J. Britz. “Technology as a Threat to Privacy: Ethical Challenges to the Information Profession”. Accessed 3.03.2017. http://web.simmons.edu/~chen/nit/NIT'96/96-025-Britz.html
[3] T. Risen. “Study: Hackers Cost More Than $445 Billion Annually”. U.S. News, 9.06.2014. Accessed 3.03.2017. http://www.usnews.com/news/articles/2014/06/09/study-hackers-cost-more-than-445-billion-annually
[4] P. Arntz. "What Is Host Intrusion Prevention System (HIPS) and How Does It Work?". Malwarebytes, 11 May 2013. Accessed 3.03.2017. https://blog.malwarebytes.com/101/2013/05/whatiships/
[5] J. Chee. “Host Intrusion Prevention Systems and Beyond”. SANS Institute, 6.02.2008. Accessed 3.03.2017. https://www.sans.org/reading-room/whitepapers/intrusion/host-intrusion-prevention-systems-32824
[6] S. Harris. "NIPS and HIPS." Security Content from Windows IT Pro, 20 Feb. 2006. Accessed 3.03.2017. http://m.windowsitpro.com/security/nips-and-hips
[7] A. Tchakoucht, M. Ani, M. Jbilou, M. Salaun. "Behavioral approach for intrusion detection." IEEE/ACS 12th International Conference of Computer Systems and Applications (AICCSA), 11.17.2015. Accessed 3.03.2017. http://ieeexplore.ieee.org.pitt.idm.oclc.org/stamp/stamp.jsp?arnumber=7507118
[8] D. Shinder. "The Pros and Cons of Behavioral Based, Signature Based and Whitelist Based Security." TechGenix, 13 Nov. 2008. Accessed 3.03.2017. http://techgenix.com/pros-cons-behavioral-signature-whitelist-security/
[9] "What Is the Precise Difference between a Signature Based vs Behavior Based Antivirus?" Information Security Stack Exchange, 28 July 2015. Accessed 3.03.2017. http://security.stackexchange.com/questions/95186/what-is-the-precise-difference-between-a-signature-based-vs-behavior-based-antiv
[10] Intel Security. “McAfee Host Intrusion Prevention for Desktop”. Advanced vulnerability protection for desktops and laptops, 2015. Accessed 3.03.2017. http://www.mcafee.com/us/products/host-ips-fordesktop.aspx
[11] IBM. “Proventia desktop endpoint security”. Accessed 3.03.2017. https://www-935.ibm.com/services/th/en/itservices/proventia-desktop-endpoint-security.html
[12] T. Holland.
"Understanding IPS and IDS: Using IPS and IDS Together for Defense in Depth.". 23 Feb. 2004. Accessed. 3.03.2017. https://www.sans.org/readingroom/whitepapers/detection/understanding-ips-ids-ips-idsdefense-in-depth-1381. [13] J. Snyder. "Do You Need an IDS or IPS, or Both?" SearchSecurity. Accessed. 3.03.2017. AN OUTLOOK ON CYBER SECURITY It is the work of a professional, responsible, engineer to develop systems, technologies, and processes keeping in mind the effect on sustainability in hand. Thus, as we continue to append various technologies or upgrading the current HIPS infrastructure, we, as engineers, need to keep economic, moral, ethical dimensions of sustainability in consideration which encircles a bearable, viable, and equitable technology. It’s also likely with the increasing dependence on cyberspace, as hacking continues to exponentially increase, one will have to unfailingly address concerns of breaches in data security and sabotage [19]. Notably, it is imperative to understand that cybersecurity is not merely an engineering and computer science problem, but also an economic and behavioral challenge. Therefore, we believe and recognize that technical initiatives alone will not provide a plausible solution. Hence, cyber security, exigent to much of the world’s infrastructure and sustainability, should no longer an initiative but a collective responsibility. SOURCES [1] D. Kuehl. "From cyberspace to cyber power: Defining the problem." Cyber power and national security. 4.01.2009. Accessed 3.03.2017. 7 Shubham Bhatt Prateek Bhatt http://searchsecurity.techtarget.com/Do-you-need-an-IDS-orIPS-or-both. [14] D. Sequeira. "INTRUSION PREVENTION SYSTEMS – SECURITY’S SILVER BULLET?” Accessed. 3.03.2017. https://www.sans.org/readingroom/whitepapers/detection/intrusion-prevention-systemssecuritys-silver-bullet-366. [15] N. Desai. "Symantec." Symantec Connect. 26 Feb. 2003. Accessed 3.03.2017. 
https://www.symantec.com/connect/articles/intrusionprevention-systems-next-step-evolution-ids. [16] S. Piper. "Intrusion Prevention System for Dummies." Sourcefire. Accessed. 3.03.2017. http://www.bradreese.com/sourcefire-ips-for-dummies.pdf. [17] "Security: IDS vs. IPS Explained." Compare Business Products. 18 Mar. 2014. Accessed. 3.03.2017. http://www.comparebusinessproducts.com/fyi/ids-vs-ips. [18] G. H. Bruntland. Chapter 2. Our Common Future: Report of the World Commission on Environment and Development. 3.20.1987. Accessed 3.30.2017. http://www.un-documents.net/ocf-02.htm [19] “Summary”. Overview. NAE Grand Challenges For Engineering. 9.14.2015. Accessed 3.03.2017. http://www.engineeringchallenges.org/9042.aspx [20] P. Bhatt, S. Bhatt. Flow chart created for the University of Pittsburgh Spring Conference Paper. 3.03.2017. Reflecting back on the paper, we believe that this paper has been an essential factor in helping us understand technologies outside the curriculum. Hence, thank you all for always being by our side and a sincere gratitude to God for constantly showering his blessings over us. ADDITIONAL SOURCES SECTION J. Bauer. “The New Cybersecurity Agenda: Economic and Social Challenges to a Secure Internet”. 6.04.2015. Accessed 3.03.2017. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=261454 5 M. Gasser. “Building a Secure Computer”. 9.27.2016. Accessed 3.03.2017. https://ece.uwaterloo.ca/~vganesh/TEACHING/S2014/ECE4 58/building-secure-systems.pdf . p.3 L. Padma, N. Reddy, M. Rao. “Host Intrusion Prevention System Using Signature File Method”. IEEE International Advance Computing Conference. 3.7.2009. Accessed 3.03.2017. http://ieeexplore.ieee.org.pitt.idm.oclc.org/stamp/stamp.jsp?t p=&arnumber=4809082 ACKNOWLEDGMENTS Firstly, we would like to take this opportunity to express our deep gratitude to our writing instructors, and professor D. Sanchez, for providing an immense support to write this conference paper. 
Lastly, but not the least, we would like to thank all library staff, working behind the scenes, who provide us with ample information and resources to gather meaningful information. 8
© Copyright 2025 Paperzz