Mimicry attacks on host-based intrusion detection systems

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2002, Pages 255-264

  Wagner, David ^a   Soto, Paolo ^a  

^a UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

Anomaly detection; Evasion attacks; Host based intrusion detection

Indexed keywords

AUTOMATA THEORY; CLIENT SERVER COMPUTER SYSTEMS; COMPUTER CRIME; COMPUTER OPERATING SYSTEMS; COMPUTER SIMULATION; CRYPTOGRAPHY; ELECTRONIC DOCUMENT IDENTIFICATION SYSTEMS; FORMAL LANGUAGES;

ANOMALY DETECTION; EVASION ATTACKS; HOST BASED INTRUSION DETECTION SYSTEMS; MIMICRY ATTACKS;

SECURITY OF DATA;

EID: 0038011184     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/586110.586145     Document Type: Conference Paper

References (27)

1. M. Chung, N. Puketza, R.A. Olsson, B. Mukherjee, "Simulating Concurrent Intrusions for Testing Intrusion Detection Systems: Parallelizing Intrusions," National Information Systems Security Conference, pp. 173-183, 1995.
2. S. Forrest, S.A. Hofmeyr, A. Somayaji, T. A. Longstaff, "A Sense of Self for Unix Processes," 1996 IEEE Symposium on Security & Privacy.
3. S. Forrest, A.S. Perelson, L. Allen, R. Cherukuri, "Self-Nonself Discrimination in a Computer," 1994 IEEE Symposium on Security & Privacy.
4. A.K. Ghosh, A. Schwartzbard, M. Schatz, "Learning Program Behavior Profiles for Intrusion Detection," 1st USENIX Workshop on Intrusion Detection & Networking Monitoring, 1999.
5. A.K. Ghosh, A. Schwartzbard, M. Schatz, "Using Program Behavior Profiles for Intrusion Detection," 3rd SANS Workshop on Intrusion Detection & Response, 1999.
6. J.T. Giffin, S. Jha, B.P. Miller, "Detecting Manipulated Remote Call Streams," 11th USENIX Security Symposium, 2002.
7. M. Handley, C. Kreibich, V. Paxson, "Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics," 10th USENIX Security Symposium, 2001.
8. S. Hofmeyr, S. Forrest, A. Somayaji, "Intrusion Detection Using Sequences of System Calls," Journal of Computer Security, vol. 6, pp. 151-180, 1998.
9. G.J. Holzmann, Design and Validation of Computer Protocols, Prentice-Hall, 1990.
10. G.J. Holzmann, "The Model Checker Spin," IEEE Trans. on Software Engineering, Special issue on Formal Methods in Software Practice, May 1997.
11. J.E. Hopcroft, J.D. Ullman, Introduction to Automata Theory, Languages, and Computation, Addison-Wesley, 1979.
12. T. Lane, C.E. Brodley, "Sequence Matching and Learning in Anomaly Detection for Computer Security," AAAI Workshop: AI Approaches to Fraud Detection and Risk Management, pp.49-49, 1997.
13. T. Lane, C.E. Brodley, "Temporal Sequence Learning and Data Reduction for Anomaly Detection," ACM Trans. Information & System Security, vol. 2, no. 3, pp.295-331, 1999.
14. W. Lee, S.J. Stolfo, "Data Mining Approaches for Intrusion Detection," 7th USENIX Security Symposium, 1998.
15. W. Lee, S.J. Stolfo, K. Mok, "A Data Mining Framework for Building Intrusion Detection Models," IEEE Symposium on Security & Privacy, 1999.
16. K.L. McMillan, Symbolic Model Checking, Kluwer Academic Publishers, 1993.
17. C. Michael, A. Ghosh, "Using Finite Automata to Mine Execution Data for Intrusion Detection: A Preliminary Report," RAID 2000, LNCS 1907, pp. 66-79, 2000.
18. V. Paxson, "Bro: A System for Detecting Network Intruders in Real-Time," Computer Networks, 31 (23-24), pp.2435-2463, 14 Dec. 1999.
19. T.H. Ptacek, T.N. Newsham, "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection," Secure Networks, Jan. 1998.
20. F. Schneider, "Enforceable security policies," ACM Transactions on Information & System Security, vol. 3, no. 1, pp.30-50, Feb. 2000.
21. A. Somayaji, S. Forrest, "Automated Response Using System-Call Delays," 9th Usenix Security Symposium, pp.185-197, 2000.
22. A.B. Somayaji, "Operating System Stability and Security through Process Homeostasis," Ph.D. dissertation, Univ. New Mexico, Jul. 2002.
23. K.M.C. Tan, K.S. Killourhy, R.A. Maxion, "Undermining an Anomaly-Based Intrusion Detection System Using Common Exploits," to appear at RAID 2002, 16-18 Oct. 2002.
24. K. Tan, J. McHugh, K. Killourhy, "Hiding Intrusions: From the abnormal to the normal and beyond," to appear at 5th Information Hiding Workshop, 7-9 Oct. 2002.
25. D. Wagner, D. Dean, "Intrusion Detection via Static Analysis," IEEE Symposium on Security & Privacy, 2001.
26. C. Warrender, S. Forrest, B. Pearlmutter, "Detecting intrusions using system calls: Alternative data models," 1999 IEEE Symposium on Security & Privacy.
27. A. Wespi, M. Dacier, H. Debar, "Intrusion Detection Using Variable-Length Audit Trail Patterns," RAID 2000, LNCS 1907, pp.110-129, 2000.