Anomalous System Call Detection

Anomalous System Call Detection (2006)

Cached

Download Links

[www.auto.tuwien.ac.at]
[www.cs.ucsb.edu]

Other Repositories/Bibliography

DBLP

by Darren Mutz , Fredrik Valeur , Christopher Kruegel , Giovanni Vigna

Venue:	ACM Transactions on Information and System Security
Citations:	29 - 3 self

BibTeX

@ARTICLE{Mutz06anomaloussystem,
    author = {Darren Mutz and Fredrik Valeur and Christopher Kruegel and Giovanni Vigna},
    title = {Anomalous System Call Detection},
    journal = {ACM Transactions on Information and System Security},
    year = {2006},
    volume = {9},
    pages = {61--93}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

this paper presents a novel anomaly detection approach that takes into account the information contained in system call arguments. We introduce several models that learn the characteristics of legitimate argument values and are capable of finding malicious instances. Based on the proposed models, we developed a host-based intrusion detection system that monitors running applications to identify malicious behavior. The system includes a novel technique for performing Bayesian classification of the outputs of individual detection models. This technique provides an improvement over the nave threshold-based schemes traditionally used to combine model outputs

Citations

562	Bro: A system for detecting network intruders in real-time - Paxson - 1999
457	A sense of self for unix processes - Forrest, Hofmeyr, et al. - 1996
423	Bayesian networks and decision graphs - Jensen - 2001
340	A Secure Environment for Untrusted Helper Applications - Goldberg, Wagner, et al. - 1996
314	event monitoring enabling responses to anomalous live disturbances - Porras, Neumann - 1997
245	D (2001) Intrusion detection via static analysis - Wagner, Dean
221	An Intrusion Detection Model - Denning - 1987
217	Improving host security with system call policies - Provos - 2003
158	P (2002) Mimicry attacks on host-based intrusion detection systems. In: CCS’02: proc of the 9th ACM conf on comp and comm security - Wagner, Soto
149	Execution Monitoring of Security-Critical Programs in Distributed Systems: A SpecificationBased Approach - Ko, Ruschitzka, et al. - 1997
140	Practical Automated Detection of Stealthy Portscans - Staniford, Hoagland, et al. - 2002
124	Hidden Markov Model Induction by Bayesian Model Merging - Stolcke, Omohundro - 1993
112	Anomaly detection using call stack information - Feng, Koleshnikov, et al.
112	Inducing probabilistic grammars by bayesian model merging - Stolcke, Omohundro - 1994
107	The SRI IDES statistical anomaly detector - JAVITZ, VALDES - 1991
95	Experience with EMERALD to date - NEUMANN, PORRAS - 1999
95	Intrusion detection with unlabeled data using clustering - Portnoy, Eskin, et al. - 2001
92	Learning patterns from unix process execution traces for intrusion detection - Lee, Stolfo, et al. - 1997
81	Undermining an anomaly-based intrusion detection system using common exploits - Tan, Killourhy, et al. - 2002
71	Efficient Context-Sensitive Intrusion Detection - Giffin, Jha, et al. - 2004
58	Mining in a data-flow environment: Experience in network intrusion detection - Lee, Stolfo, et al.
53	Detecting Anomalous and Unknown Intrusions against Programs - Ghosh, Wanken, et al. - 1998
51	R.: ”Why 6?” Defining the operational limits of stide, an anomaly-based intrusion detector - Tan, Maxion - 2002
47	Analysis and results of the 1999 DARPA off-line intrusion detection evaluation - LIPPMANN, HAINES, et al. - 2000
36	Bluebox: A policy-driven, host-based intrusion detection system - Chari, Cheng - 2003
25	Designing and implementing a family of intrusion detection systems. ESEC/FSE-11: Proceedings of the 9th European software engineering conference held jointly with - Vigna, Valeur, et al. - 2003
23	Learning fingerprints for a database intrusion detection system - Lee, Low, et al.
21	An approach to UNIX security logging - Axelsson, Lindqvist, et al. - 1998
21	A Porras. Detecting computer and network misuse with the production-based expert system toolset - Lindqvist, Phillip - 1999
19	REMUS: A securityenhanced operating system - Bernaschi, Gabrielli, et al.
12	Learning classifiers for misuse and anomaly detection using a bag of system calls representation - Kang, Fuller, et al. - 2005
9	Detecting network intrusions via a statistical analysis of network packet characteristics - Bykova, Ostermann, et al.
9	System iNtrusion Analysis and Reporting Environment, http://www.intersectalliance.com/projects/Snare D. Mutz et al - SNARE