A process state-transition analysis and its application to intrusion detection

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn Part F133431, Issue , 1999, Pages 378-387

  Nuansri, Nittida ^a,b   Singh, Samar ^b   Dillon, Tharam S ^b  

^a PRINCE OF SONGKLA UNIVERSITY   (Thailand)

^b LA TROBE UNIVERSITY   (Australia)

Author keywords

[No Author keywords available]

Indexed keywords

SECURITY SYSTEMS;

BUFFER OVERFLOWS; INTRUSION DETECTION SYSTEMS; ITS APPLICATIONS; PROCESS STATE; SECURITY BREACHES; SECURITY VIOLATIONS; STATE TRANSITIONS; SYSTEM SECURITY;

INTRUSION DETECTION;

EID: 0005946780     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSAC.1999.816050     Document Type: Conference Paper

References (21)

1. 4.4BSD Berkeley Software Distribution, User's Reference Manual (URM), The USEMX Association and O'Reilly & Associates, Inc. (1994)
2. R. P. Abbott, " Security Analysis and Enhancements of Computer Operating Systems", Technical Report NBSIR 76-1041, Institute of Computer Science and Technology, National Bureau of Standards (1976)
3. T. Aslam, "A Taxonomy of Security Faults in Unix Operating System", Master Thesis, Department of Computer Science, Purdue University (August 1995), http://www.cs.purdue.edu/coast/coast-library.html
4. T. Aslam, I. Krsul, E. H. Spafford, "Use of a Taxonomy of Security Faults", Technical Report TR-96-051, Department of Computer Science, Purdue University (September 1996), http: //www.cs.purdue.edu/coast/coast-library.html
5. M. Bishop, D. Bailey, "A Critical Analysis of Vulnerability Taxonomies", Technical Report CSE-96-11, Department of Computer Science, University of California at Davis (September 1996), http://seelab.cs.ucdavis.edu/papers.html
6. J. Carlstead, R. Bibsey II, F. Popek, "Pattern-directed Protection Evaluation", Technical Report, Information Sciences Institute, University of Southern California (June 1975)
7. D. E. Denning, "An Intrusion Detection Model", IEEE Transactions on Software Engineering, Vol. SE-13 No. 2, pg. 222-232, (February 1987)
8. S. A. Hofmeyr, S. Forrest, A. Somayaji, "Intrusion Detection using Sequences of System Calls", Department of Computer Science, University of New Mexico, (1998), http://www.cs.unm.edu/-steveah/publications/ids.ps
9. R. A. Kemmerer, "NSTAT: A Model-based Real-time Network Intrusion Detection System", Technical Report TRCS97-18, Department of Computer Science, University of California, Santa Barbara (1997), http://www.cs.ucsb.edu/
10. C. C. W. Ko, "Execution Monitoring of Security-Critical Programs in a Distributed System: A Specification-Based Approach", Ph.D. Thesis, Department of Computer Science, University of California, Davis California, (1996), http://seclab.cs.ucdavis.edu/ papers.html
11. V. Krsul, "Software Vulnerability Analysis", PhD Thesis, Department of Computer Science, Purdue University (May 1998), http://www.cs.purdue.edu/coast/coast-library.html
12. S. Kumar, E. H. Spafford, "A Pattern Matching Model for Misuse Intrusion Detection", Proceedings of the 17th National Computer Security Conference, (1994)
13. C. E. Landwehr, A. R. Bull, J. P. McDermott, W. Choi, "A Taxonomy of Computer Program Security Flaws", ACM Computing Surveys, Vol. 26 No. 3, pg. 211-254, September 1994
14. B. Marick, "A Survey of Software Fault Surveys", Technical Report, UIUCDCS-R-90-1651, University of Illinois at Urbana-Champaign, December 1990
15. B. Mukherjee, L. T. Heberlein, K. N. Levitt, "Network Intrusion Detection", IEEE Network, Vol. 8(3), pg. 26¬ 41, May/June 1994
16. P. Porras, "STAT - A State Transition Analysis Tool for Intrusion Detection." Master's thesis, Computer Science Department, University of California, Santa Barbara, June 1992.
17. P.A. Porras, P.G. Neumann, "Conceptual Design and Planning for EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances", Technical report, Computer Science Laboratory, SRI International, Menlo Park, CA, (October 1997), h t t p: / / w w w . c s l . s r i . c o m / i n t r u s i o n . h t m l
18. J. R. Raymond, "Quantitative Aspects of Software Validation", SIGPLAN Notices, Vol. SE-5(3), pg. 276-286 (May 1975)
19. S. E. Smaha, "Haystack: An Intrusion Detection System", Proceedings of The 4th Aerospace Computer Security Applications Conference, Florida, pg. 37-44, (December 12-16, 1988)
20. M. Sobirey, B. Richter, H. Konig, "The Intrusion Detection System AID - Architecture, and Experiences in Automated Audit Analysis", IFIP-TC6 Workshop on Communications and Multimedia Security, (September 1996).
21. F.B. Schneider, "Enforceable Security Policies", TR98-1688, Cornell University (Revised July 24, 1999)