
Anomaly Detection Using Call Stack Information (2003)  (13 citations)
Henry Hanping Feng, Oleg M. Kolesnikov, Prahlad Fogla, Wenke Lee, Weibo Gong



View or download:
gatech.edu/~ok/w/ok_idpc.pdf
umass.edu/~gong/papers/ok_idpc.pdf

Abstract: The call stack of a program execution can be a very good information source for intrusion detection. There is no prior work on dynamically extracting information from call stack and effectively using it to detect exploits. In this paper, we propose a new method to do anomaly detection using call stack information. The basic idea is to extract return addresses from the call stack, and generate abstract execution path between two program execution points. Experiments show that our method can...

Cited by:
Dataflow Anomaly Detection - Bhatkar, Chaturvedi, Sekar
Improving Attack Detection in Host-Based IDS by.. - Chaturvedi, Bhatkar.. (2005)
Context Sensitive Anomaly Monitoring of Process Control Flow.. - Xu, Du, Chapin (2004)

Active bibliography (related documents):
0.6:   Efficient Context-Sensitive Intrusion Detection - Giffin, Jha, Miller (2004)
0.6:   Formalizing Sensitivity in Static Analysis for Intrusion Detection - Feng (2004)
0.5:   Towards Informatic Analysis of Syslogs - Jon Stearley Sandia

Similar documents based on text:
0.3:   Producing an Accurate Call-Stack Trace in the Occasional Absence .. - Copperman (1992)
0.3:   Low Cost Methods for Predicting Heap Object Behavior - Seidl, Zorn (1999)
0.2:   A Framework for Constructing Features and Models for Intrusion.. - Lee, Stolfo (2000)

Related documents from co-citation:
12:   Intrusion detection via static analysis - Wagner, Dean - 2001
11:   Mimicry attacks on host based intrusion detection systems - Wagner, Soto - 2002
8:   A sense of self for unix processes - Forrest, Hofmeyr et al. - 1996

BibTeX entry:

H. Feng, O. Kolesnikov, P. Fogla, W. Lee, and W. Gong. Anomaly detection using call stack information. In IEEE Symposium on Security and Privacy, Oakland, California, May 2003. http://citeseer.ist.psu.edu/feng03anomaly.html

@misc{ feng03anomaly,
  author = "H. Feng and O. Kolesnikov and P. Fogla and W. Lee and W. Gong",
  title = "Anomaly detection using call stack information",
  text = "H. Feng, O. Kolesnikov, P. Fogla, W. Lee, and W. Gong. Anomaly detection
    using call stack information. In IEEE Symposium on Security and Privacy,
    Oakland, California, May 2003.",
  year = "2003",
  url = "citeseer.ist.psu.edu/feng03anomaly.html" }
Citations (may not include all citations):
142   A Sense of Self for Unix Processes - Forrest, Hofmeyr et al. - 1996
141   StackGuard: Automatic Adaptive Detection and Prevention of B.. - Cowan, Pu et al. - 1998
84   Data Mining Approaches for Intrusion Detection - Lee, Stolfo - 1998
60   Detecting Intrusions Using System Calls: Alternative Data Mo.. - Warrender, Forrest et al. - 1999
59   Execution Monitoring of Security-Critical Programs in Distri.. - Ko - 1996
54   Intrusion Detection via Static Analysis - Wagner, Dean - 2001
52   Automated Detection of Vulnerabilities in Privileged Program.. - Ko, Fink et al. - 1994
46   Using Programmer-Written Compiler Extensions to Catch Securit.. - Ashcraft, Engler - 2002
29   Buffer Overflows: Attacks and Defenses for the Vulnerability.. - Cowan, Wagle et al. - 2000
27   A study in using neural networks for anomaly and misuse dete.. - Ghosh, Schwartzbard - 1999
26   Mimicry Attacks on Host-Based Intrusion Detection Systems - Wagner, Soto - 2002
25   Learning Patterns from Unix Process Execution Traces for Int.. - Lee, Stolfo et al. - 1997
17   A Fast Automaton-Based Method for Detecting Anomalous Progra.. - Sekar, Bendre et al. - 2001
16   Combinatorial Pattern Discovery in Biological Sequences: The.. - Rigoutsos, Floratos - 1998
12   Detecting Manipulated Remote Call Streams - Giffin, Jha et al. - 2002
11   Intrusion Detection Using Variable-Length Audit Trail Patter.. - Wespi, Dacier et al. - 1907
3   Intrusion Detection System Using Sequences of System Calls - Hofmeyr, Somayaji et al. - 1998
2   the Time Complexity of the TEIRESIAS Algorithm - Floratos, Rigoutsos - 1998
1   The Process of Security - Schneier - 2000
http://www.mindcraft.com/webstone/





Documents on the same site (http://www.cc.gatech.edu/~ok/):
Usage Characteristics of Dial-in Internet Users: A.. - Hutchins.. (2001)
Dynamic Manycasting Hierarchies - Kolesnikov, Ali (2000)
Advanced Polymorphic Worms: Evading IDS by Blending in with.. - Kolesnikov, Lee (2004)


CiteSeer.IST - Copyright Penn State and NEC