A Low Resource Intrusion Detection System Using Osquery
Faculty Mentor
Dr. Antonio Espinoza
Presentation Type
Poster
Start Date
May 2025
End Date
May 2025
Location
PUB NCR
Primary Discipline of Presentation
Computer Science
Abstract
Intrusion Detection Systems (IDS) are fundamental tools for monitoring systems and networks and alerting system and network administrators to cyber threats occurring on them. An IDS is a security application that generates notifications when the system or network it is monitoring is under attack. An IDS is a necessary tool for monitoring large networks for existing vulnerabilities that may go unnoticed by system administrators. An IDS can notify administrators when an attack is occurring and which resources are affected by it. Many current IDS applications contain resource-intensive tools that draw on resources shared with a system running one or more services. This intensive consumption of resources can affect two things: first, the resource limits of a system can reduce the detection rate or accuracy of the IDS; second, the resource consumption can reduce the availability of a service running on that system. In this research, I propose an IDS that consumes minimal resources while providing acceptable detection accuracy and allowing uninterrupted access to services on a system.
Recommended Citation
West, Spencer Ryan, "A Low Resource Intrusion Detection System Using Osquery" (2025). 2025 Symposium. 34.
https://dc.ewu.edu/srcw_2025/ps_2025/p1_2025/34
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.