Visualizing and identifying intrusion context from system calls trace

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn , Issue , 2004, Pages 61-70

  Li, Zhuowei ^a   Das, Amitabha ^a  

^a NANYANG TECHNOLOGICAL UNIVERSITY   (Singapore)

Author keywords

[No Author keywords available]

Indexed keywords

ANOMALY-BASED INTRUSION DETECTION (AID); FALSE ALARM RATES; INTRUSION CONTEXT IDENTIFICATION (ICI); INTRUSION DETECTION SYSTEMS (IDS);

COMPUTER SYSTEMS; KNOWLEDGE BASED SYSTEMS; MATHEMATICAL MODELS; SENSORS; TELECOMMUNICATION TRAFFIC; VISUALIZATION;

ELECTRONIC DOCUMENT IDENTIFICATION SYSTEMS;

EID: 21644441336     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (18)

1. J. Anderson. Computer security threat monitoring and surveillance. Technical report, James P Anderson Co., Fort Washington, Pennsylvania, April 1980.
2. S. Axelsson. The base-rate fallacy and its implications for the difficulty of intrusion detection. In Proceedings of the 6th ACM conference on Computer and communications security, pages 1-7, 1999.
3. S. Chad and P. Cheng. BlueBox: A Policy-Driven, Host-based Intrusion Detection System. ACM Transaction on Infomation and System Security, 6(2): 173-200, May 2003.
4. F. Cuppens and A. Miege. Alert correlation in a cooperative intrusion detection framework. In Proceedings. 2002 IEEE Symposium on Security and Privacy, pages 187 - 200, May 2002.
5. H. Debar, M. Dacier, and A. Wespi. A revised taxonomy for intrusion detection systems. Annales des Telecommunications, 55(7-8):361-378, 2000.
6. S. Forrest, S. Hofmeyr, A. Somayaji, and T. Longstaff. A sense of self for Unix processes. In Proceedings of the 1996 IEEE Symposium on Research in Security and Privacy, pages 120-128. IEEE Computer Society Press, 1996.
7. S. Hofmeyr, S. Forrest, and A. Somayaji. Intrusion detection using sequences of system calls. Journal of Computer Security, 6(3): 151-180, 1998.
8. K. Misch. Clustering intrusion detection alarms to support root cause analysis. ACM Transaction on Information and System Security, 6(4):443-471, 2003.
9. R. Kemmerer and G. Vigna. Intrusion detection: a brief history and overview. IEEE Computer, 35(4):supl27 - supl30, April 2002.
10. C. Kruegel, D. Mutz, W. Robertson, and F. Valeur. Bayesian event classification for intrusion detection. In 19th Annual Computer Security Applications Conference, Las Vegas, Nevada, December 08-12 2003.
11. W. Lee and S. Stolfo. A framework for contructing features and models for intrusion detection systems. ACM Transactions on Information and System Security, 3(4):227-261, Nov. 2000.
12. M. Mahoney and P. Chan. Learning Nonstationary Models of Normal Network Traffic for Detecting Novel Attacks. In SIGKDD 2002, July 23-26 2002.
13. P. Ning, Y. Cui, and D. R. fand D. Xu. Techniques and tools for analyzing intrusion alerts. ACM Transactions on Information and System Security (TISSEC), 7(2):274-318, May. 2004.
14. P. Ning, Y. Cui, and D. Reeves. Constructing attack scenarios through correlation of intrusion alerts. In Proceedings of the 9th ACM conference on Computer and communications security, pages 245-254, 2002.
15. K. Tan and R. Maxion. Determining the operational limits of an anomaly-based intrusion detector. IEEE Journal on selected areas in communications, 21(1):96-110, Jan. 2003.
16. K. Tan, J. Mchugh, and K. Killourhy. Hiding intrusions: From the abnormal to the normal and beyond. In Proceedings of Information Hiding 2002, pages 1-17, 2002.
17. D. Wagner and P. Soto. Mimicry attacks on host-based intrusion detection systems. In Proceedings of the 9th ACM conference on Computer and communications security, pages 255-264, 2002.
18. C. Warrender, S. Forrest, and B. Pearlmutter. Detecting intrusions using system calls: Alternative data models. In IEEE Symposium on Security and Privacy, pages 133-145, 1999.