Intrusion Detection Using Sequences of System Calls

13 years 11 months ago

Download www.cs.unm.edu

A method is introducted for detecting intrusions at the level of privileged processes. Evidence is given that short sequences of system calls executed by running processes are a good discriminator between normal and abnormal operating characteristics of several common UNIX programs. Normal behavior is collected in two ways: Synthetically, by exercising as many normal modes of usage of a program as possible, and in a live user environment by tracing the actual execution of the program. In the former case several types of intrusive behavior were studied; in the latter case, results were analyzed for false positives.

Steven A. Hofmeyr, Stephanie Forrest, Anil Somayaj

Real-time Traffic

Abnormal Operating Characteristics | Common Unix Programs | JCS 1998 | Privileged Processes |

claim paper

Post Info
More Details (n/a)

Added	22 Dec 2010
Updated	22 Dec 2010
Type	Journal
Year	1998
Where	JCS
Authors	Steven A. Hofmeyr, Stephanie Forrest, Anil Somayaji

Comments (0)

Sciweavers

Intrusion Detection Using Sequences of System Calls

Abnormal Operating Characteristics | Common Unix Programs | JCS 1998 | Privileged Processes |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers