Abstract

A method is introduced for detecting intrusions at the level of privileged processes. Evidence is given that short sequences of system calls executed by running processes are a good discriminator between normal and abnormal operating characteristics of several common UNIX programs. Normal behavior is collected in two waysc Synthetically, by exercising as many normal modes of usage of a program as possible, and in a live user environment by tracing the actual execution of the program. In the former case several types of intrusive behavior were studieds in the latter case, results were analyzed for false positives.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Profiling program and user behaviors for anomaly intrusion detection based on non-negative matrix factorization
Wei Wang ... Xiangliang Zhang
-
Wei Wang, et. al. Wei Wang ... Xiangliang Zhang
01 Jan 2004
An Intrusion Detection Approach Based on System Call Sequences and Rules Extraction
Qing Ye ... Xiaoping Wu
-
Qing Ye, et. al.Qing Ye ... Xiaoping Wu
01 May 2010
A Reinforcement Learning Approach for Host-Based Intrusion Detection Using Sequences of System Calls
Xin Xu ... Tao Xie
-
Xin Xu, et. al.Xin Xu ... Tao Xie
01 Jan 2004
Intrusion detection using sequences of system calls
...
Journal of Computer Security | VOL. -
, et. al. ...
01 Aug 1998
View more papers

More From: Journal of Computer Security

Paper Title
Journal
Date
Author
E-Tenon: An efficient privacy-preserving secure open data sharing scheme for EHR system
Prosanta Gope ... Jianting Ning
Journal of Computer Security | VOL. 32
Prosanta Gope, et. al.Prosanta Gope ... Jianting Ning
26 Aug 2024
DSLR–: A low-overhead data structure layout randomization for defending data-oriented programming
Jin Wei ... Ping Chen
Journal of Computer Security | VOL. 32
Jin Wei, et. al.Jin Wei ... Ping Chen
17 Jun 2024
Analysis of neural network detectors for network attacks
Qingtian Zou ... Lan Zhang
Journal of Computer Security | VOL. 32
Qingtian Zou, et. al.Qingtian Zou ... Lan Zhang
17 Jun 2024
Proactive enforcement of provisions and obligations
David Basin ... Thomas Hildebrandt
Journal of Computer Security | VOL. 32
David Basin, et. al.David Basin ... Thomas Hildebrandt
17 Jun 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.