Anomaly detection using call stack information

Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy

Volumn , Issue , 2003, Pages 62-75

  Feng, Henry Hanping ^a   Kolesnikov, Oleg M ^b   Fogla, Prahlad ^b   Lee, Wenke ^b   Gong, Weibo ^a  

^a University of Massachusetts   (United States)

^b Georgia Institute of Technology   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER PROGRAMMING LANGUAGES; COMPUTER SIMULATION; FINITE AUTOMATA; ONLINE SYSTEMS; PERFORMANCE;

ANOMALY DETECTION; CALL STACK INFORMATION;

INFORMATION RETRIEVAL;

EID: 0038825045     PISSN: 10637109     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (20)

1. K. Ashcraft and D.R. Engler, "Using Programmer-Written Compiler Extensions to Catch Security Holes", IEEE Symposium on Security and Privacy, Oakland, CA, 2002.
2. C. Cowan, C. Pu, D. Maier, H. Hinton, P. Bakke, S. Beattie, A. Grier, P. Wagle and Q. Zhang, "Stack-Guard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks", 7th USENIX Security Symposium, San Antonio, TX, 1998.
3. C. Cowan, P. Wagle, C. Pu, S. Beattie and J. Walpole, "Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade", DARPA Information Survivability Conference and Expo, Hilton Head Island, SC, 2000.
4. A. Floratos and I. Rigoutsos, "On the Time Complexity of the TEIRESIAS Algorithm", Research Report 98A00290, IBM, 1998.
5. S. Forrest, S.A. Hofmeyr, A. Somayaji and T.A. Longstaff, "A Sense of Self for Unix Processes", IEEE Symposium on Computer Security and Privacy, Los Alamos, CA, pp.120-128, 1996.
6. A. Ghosh and A. Schwartzbard, "A study in using neural networks for anomaly and misuse detection", 8th USENIX Security Symposium, pp. 141-151, 1999.
7. J.T. Giffin, S. Jha and B.P. Miller, "Detecting Manipulated Remote Call Streams", 11th USENIX Security Symposium, 2002.
8. S.A. Hofmeyr, A. Somayaji, and S. Forrest, "Intrusion Detection System Using Sequences of System Calls", Journal of Computer Security, 6(3), pp. 151-180, 1998.
9. C. Ko, "Execution Monitoring of Security-Critical Programs in Distributed Systems: A Specification-based Approach". PhD thesis, UC Davis, 1996.
10. C. Ko, G. Fink and K. Levitt, "Automated Detection of Vulnerabilities in Privileged Programs by Execution Monitoring", 10th Computer Security Applications Conference, Orlando, Fl, pp. 134-144, 1994.
11. W. Lee and S. Stolfo, "Data Mining Approaches for Intrusion Detection", 7th USENIX Security Symposium, San Antonio, TX, 1998.
12. W. Lee, S. Stolfo, and P. Chan, "Learning Patterns from Unix Process Execution Traces for Intrusion Detection", AAAI Workshop: AI Approaches to Fraud Detection and Risk Management, 1997.
13. Mindcraft, "WebStone Benchmark Information", http://www.mindcraft.com/webstone/.
14. I. Rigoutsos and A. Floratos, "Combinatorial Pattern Discovery in Biological Sequences: The TEIRESIAS Algorithm", Bioinformatics, 14 (1), pp. 55-67, 1998.
15. B. Schneier, "The Process of Security", Information Security, April. 2000 http://www.infosecuritymag.com/articles/april00/columns_cryptorphythms.shtml
16. R. Sekar, M. Bendre, P. Bollineni, and D. Dhurjati, "A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors", IEEE Symposium on Security and Privacy, Oakland, CA, 2001.
17. D. Wagner and D. Dean, "Intrusion Detection via Static Analysis", IEEE Symposium on Security and Privacy, Oakland, CA, 2001.
18. D. Wagner and P. Soto, "Mimicry Attacks on Host-Based Intrusion Detection Systems", ACM Conference on Computer and Communications Security, 2002.
19. C. Warrender, S. Forrest, and B. Pearlmutter, "Detecting Intrusions Using System Calls: Alternative Data Models", IEEE Symposium on Security and Privacy, pp. 133-145, 1999.
20. A. Wespi, M. Dacier and H. Debar, "Intrusion Detection Using Variable-Length Audit Trail Patterns", 3rd International Workshop on the Recent Advances in Intrusion Detection, LNCS 1907, Springer, pp. 110-129, 2000.