
Generation of Application Level Audit Data via Library Interposition (1999)  (5 citations)
Benjamin A. Kuperman, Eugene Spafford
COAST Laboratory



Abstract: One difficulty encountered by intrusion and misuse detection systems is a lack of application level audit data. Frequently, applications used are written by third parties and may be distributed only in a binary format. In this paper we present a technique to generate application level audit data using library interposition. Interposition allows the generation of audit data without needing to recompile either the system libraries or the application of interest. We created a library that detects...

Context of citations to this paper:

...and that try to observe their behavior by looking at their inputs and outputs. Wrapper libraries using library interposition [6]. Using this technique, calls to library functions can be intercepted, monitored, modified or even cancelled by the interposing library....

...the process information gathering component was built into the Unix kernel, it would be considered an internal sensor. A library wrapper [81] is considered as an external sensor because its code is separate from that of the program it monitors. According to our definitions, an...

Cited by:
Design of Intrusion Detection System at User Level with.. - TABATA, SAKURAI (2004)
Privilege Flows Modeling for Effective Intrusion Detection based .. - Park, Cho (2002)
Using Internal Sensors For Computer Intrusion Detection - Zamboni (2001)

Active bibliography (related documents):
0.5:   A Building Block Approach to Intrusion Detection - Crosbie, Kuperman (2001)
0.5:   PointGuard™: Protecting Pointers from Buffer.. - Cowan, Beattie.. (2003)
0.5:   Real-Time System Performance Visualization and Analysis.. - Bakic, Mutka, Rover (1997)

Similar documents based on text:
0.5:   Subliminal Traceroute in TCP/IP - Daniels, Spafford (2000)
0.3:   Profiling and Tracing Dynamic Library Usage Via Interposition - Curry (1994)
0.3:   Interposition Agents: Transparently Interposing User Code at the.. - Jones

Related documents from co-citation:
6:   web page httpwww - web, http et al.
4:   Host-based misuse detection and conventional operating systems' audit data colle.. - Price - 1997
3:   and denial of service: Eluding network intrusion detection - Ptacek, Newsham et al. - 1998

BibTeX entry:

Benjamin A. Kuperman and Eugene H. Spafford. Generation of application level audit data via library interposition. CERIAS TR 99-11, COAST Laboratory, Purdue University, West Lafayette, IN, October 1998. URL https://www.cerias.purdue.edu/techreports-ssl/public/99-11.ps. http://citeseer.ist.psu.edu/kuperman99generation.html

@techreport{ kuperman99interpose,
    author = "Benjamin A. Kuperman and Eugene Spafford",
    title = "{Generation of Application Level Data via Library Interposition}",
    url = "citeseer.ist.psu.edu/kuperman99generation.html",
    url = "https://www.cerias.purdue.edu/techreports-ssl/public/99-11.pdf",
    school = "Purdue University",
    institution = "{COAST} Laboratory",
    address = "West Lafayette, Indiana 47907-1398",
    number = "CERIAS TR 1999-11",
    month = oct,
    year = 1999
}
Citations (may not include all citations):
175   A secure environment for untrusted helper applications - Goldberg, Wagner et al. - 1996
121   Network intrusion detection - Mukherjee, Heberlein et al. - 1994
106   Advanced Programming in the UNIX Environment - Stevens - 1992
100   Interposition agents: Transparently interposing user code at.. - Jones - 1993
66   Smashing the stack for fun and profit - One - 1997
63   An architecture for intrusion detection using autonomous age.. - Balasubramaniyan, Garcia-Fernandez et al. - 1998
59   Practical UNIX Security - Garfinkel, Spafford - 1991
52   Checking for race conditions in file accesses - Bishop, Dilger - 1996
23   Detecting intruders in computer systems - Lunt - 1990
19   Stack smashing vulnerabilities in the unix operating system - Smith - 1997
18   User-level infrastructure for system call interposition: A p.. - Jain, Sekar - 1999
15   Use of a taxonomy of security faults - Aslam, Krsul et al. - 1996
13   Protecting systems from stack smashing attacks with stackgua.. - Cowan, Beattie et al. - 1999
8   Host-based misuse detection and conventional operating syste.. - Price - 1997
7   Computer vulnerability analysis - Krsul, Spafford et al. - 1998
6   Profiling and tracing dynamic library usage via interpositio.. - Curry - 1994
5   A Pattern Matching Approach to Misuse Intrusion Detection - Kumar - 1995
3   URL http://www - Designer, stack - 1997
2   Software Developer AnswerBook - Linker, Solaris - 1994
2   Non-executable stack for solaris - Dik - 1997
1   security portal - URL, www et al. - 1999
1   and security flaws; or the tortoise and the hare redux - Bishop, files - 1995
1   URL ftp://ftp - overflow - 1997
1   Linux Programmer's Manual: getitimer - manual - 1993
1   URL ftp://ftp - Snarskii, integrity - 1997





Documents on the same site (http://www.cerias.purdue.edu/ssl/techreports-ssl/):
Doing Intrusion Detection Using Embedded Sensors - Zamboni (2000)
Algorithms for Variable Length Subnet Address Assignment - Atallah, Comer
Categorization of Software Errors that led to Security Breaches - Du, Mathur (1997)


CiteSeer.IST - Copyright Penn State and NEC