Intrusion Detection using Sequences of System Calls

Intrusion Detection using Sequences of System Calls (1998)

Cached

Download Links

Other Repositories/Bibliography

DBLP

by Steven A. Hofmeyr , Stephanie Forrest , Anil Somayaji

Venue:	Journal of Computer Security
Citations:	245 - 13 self

BibTeX

@ARTICLE{Hofmeyr98intrusiondetection,
    author = {Steven A. Hofmeyr and Stephanie Forrest and Anil Somayaji},
    title = {Intrusion Detection using Sequences of System Calls},
    journal = {Journal of Computer Security},
    year = {1998},
    volume = {6},
    pages = {151--180}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

A method is introducted for detecting intrusions at the level of privileged processes. Evidence is given that short sequences of system calls executed by running processes are a good discriminator between normal and abnormal operating characteristics of several common UNIX programs. Normal behavior is collected in two ways: Synthetically, by exercising as many normal modes of usage of a program as possible, and in a live user environment by tracing the actual execution of the program. In the former case several types of intrusive behavior were studied; in the latter case, results were analyzed for false positives. 1 Introduction Modern computer systems are plagued by security vulnerabilities. Whether it is the latest UNIX buffer overflow or bug in Microsoft Internet Explorer, our applications and operating systems are full of security flaws on many levels. From the viewpoint of the traditional security paradigm, it should be possible to eliminate such problems through more exten...

Citations

1783	An Introduction to the Bootstrap - Tibshirani, R - 1993
462	Cryptographyand Data Security - Denning - 1982
457	A sense of self for unix processes - Forrest, Hofmeyr, et al. - 1996
239	transition analysis: A rule-based intrusion detection approach - Ilgun, Kermmerer, et al. - 1995
221	An Intrusion Detection Model - Denning - 1987
185	The Design and Implementation of Tripwire: A File System Integrity Checker - Kim, Spafford - 1994
152	CA: Computer immunology - Forrest, Beauchemin
140	Building diverse computer systems - Forrest, Somayaji, et al. - 1997
123	A network security monitor - HEBERLEIN, DIAS, et al. - 1990
123	Classification and detection of computer intrusions - Kumar - 1995
123	E.: A pattern matching model for misuse intrusion detection - Kumar, Spafford - 1994
104	Automated detection of vulnerabilities in privileged programs by execution monitoring - KO, FINK, et al. - 1994
96	An Immunological Approach to Change Detection: Algorithm, Analysis and Implication - D’haeseleer - 1996
90	Next generation intrusion detection expert system (NIDES): User manual for security officer user interface (SOUI)," technical report - Anderson - 1993
90	A Biologically Inspired Immune System for Computers - Kephart - 1994
86	The COPS security checker system - Farmer, Spafford - 1990
67	Adaptive real-time anomaly detection using inductively generated sequential patterns - Teng, Chen, et al.
63	Principles of a computer immune system - SOMAYAJI, HOFMEYR, et al. - 1997
62	The architecture of a network level intrusion detection system.Technical report - Heady, Luger, et al. - 1990
61	Defending a computer system using autonomous agents - Crosbie, Spafford - 1995
59	Artificial intelligence and intrusion detection: Current and future directions - Frank - 1994
59	NADIR “An automated system for detection network intrusion and misuse” , Cpmputers and Security - Jackson, Stallings, et al.
58	A real-time intrusion detection expert system (IDES) - final technical report - Lunt, Tamaru, et al. - 1992
58	An Application of Pattern Matching in Intrusion Detection - KUMAR, SPAFFORD - 1994
49	Detecting Intruders in Computer Systems - LUNT - 1993
44	A neural network approach towards intrusion detection - Fox, Henning, et al. - 1990
25	Security audit trail analysis using inductively generated predictive rules - Teng, Lu - 1990
13	Automated detection of vulnerabilities in priviledged programs by execution monitoring - Ko, Fink, et al. - 1994
11	Misuse detection tools - Smaha, Winslow - 1994
10	Improving the security of your site by breaking into it - Farmer, Venema - 1993
9	A Real-Time Intrusion Detection Expert - Lunt, Tamura, et al. - 1992
5	Countering abuse of name-based authentication - Schuba, Spafford - 1994
4	Internet Security Monitor: An Intrusion Detection System for Large Scale Networks - Heberlein, Mukherjee, et al. - 1992
3	Syslog vulnerability - a workaround for sendmail. Ftp://info.cert.org/pub/ cert_advisories/ CA-95:13.syslog.vul - CERT - 1995
3	Hofmeyr S A, Forrest S. Principles of a computer immune system - Somayaji - 1997
3	Intrusion Detection: Its Role and Validation - Liepens, Vaccaro - 1992
2	Intrusion detection: Its role and validation - Liepins, Vaccaro - 1992
2	Hofmeyr S A, Somajayi A. Computer Immunology - Forrest - 1997
2	Perelson A S, Allen L, Cherukuri R. Self-Nonself discrimination in a Computer - Forrest - 1994
2	R A, Porras Ph A. State Transition Analysis: A Rule-Based Intrusion Detection Approach - Kemmerer - 1995
1	swinstall vulnerability. Ftp://info.cert.org/pub/ cert_advisories/ CA-96:27 - CERT - 1996