Anomaly detection based on system call classification

Ruan Jian Xue Bao/Journal of Software

Volumn 15, Issue 3, 2004, Pages 391-403

  Xu, Ming ^a   Chen, Chun ^a   Ying, Jing ^a  

^a ZHEJIANG UNIVERSITY   (China)

Author keywords

Anomaly detection; Intrusion detection; System call

Indexed keywords

CLASSIFICATION (OF INFORMATION); LEARNING SYSTEMS; SOFTWARE PROTOTYPING;

ANOMALY DETECTION; INCREMENT LEARNING; INTRUSION DETECTION; LINUX SYSTEM CALL; RULE DATABASE; RULE MATCH TIME;

SECURITY OF DATA;

EID: 2942744651     PISSN: 10009825     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Article

References (18)

1. Debar H, Dacier M, Wespi A. Toward a taxonomy of intrusion-detection systems. Computer Networks, 1999, 31(8): 805-822.
2. Ye N, Li XY, Chen Q, Emran SM, Xu MM. Probabilistic techniques for intrusion detection based on computer audit data. IEEE Trans. on Systems, Man, and Cybernetics - Part A: Systems and Humans, 2001, 31(4): 266-274.
3. Ko C, Fink G, Levitt K. Automated detection of vulnerabilities in privileged programs by execution monitoring. In: Proc. of the 10th Annual Computer Security Applications Conf Orlando: IEEE Computer Society Press, 1994. 134-144.
4. Bernaschi M, Gabrielli E, Mancini LV. REMUS: A security-enhanced operating system. ACM Trans. on Information and System Security, 2002, 5(1): 36-61.
5. Goldberg I, Waqner D, Thomas R, Brewer EA. A secure environment for untrusted helper applications. In: Proc. of the 6th USENIX UNIX Security Symp. San Jose: USENIX, 1996. 1-13.
6. Marty R. Snort-Lightweight intrusion detection for networks In: Proc. of the 13th Conf. on Systems Administration. Washington: USENIX, 1999. 229-238.
7. Warrender C, Forrest S, Pearlmutter B. Detecting intrusions using system calls: alternative data models. In: Proc. of the 1999 IEEE Symp. on Security and Privacy. Oakland: IEEE Computer Society Press, 1999. 133-145.
8. Hofmeyr SA, Forrest S, Somayaji A. Intrusion detection using sequences of system calls. Journal of Computer Security, 1998, 6(3): 151-180.
9. Lee W, Stolfo SJ, Chan PK, Eskin E, Fan W, Miller M, Hershkop S, Zhang J. Real time data mining-based intrusion detection. In: Proc. of the 2nd DARPA Information Survivability Conf and Exposition II. Anaheim: IEEE Computer Society Press, 2001. 89 -100.
10. Lee SC, Heinbuch DV. Training a neural-network based intrusion detector to recognize novel attacks. IEEE Trans. on Systems, Man, and Cybernetics - Part A: Systems and Humans, 2001, 31(4): 294-299.
11. Forrest S, Hofmeyr SA, Somayaji A, Longstaff TA. A sense of self for UNIX processes. In Proc. of the 1996 IEEE Symp. on Security and Privacy. Oakland, CA: IEEE Computer Society Press, 1996. 120-128.
12. Lee W, Stolfo SJ. Learning patterns from UNIX process execution traces for intrusion detection. In Proc. of the AAAI97 Workshop on AI Methods in Fraud and Risk Management. Providence, Rhode Island: AAAI Press, 1997. 50-56.
13. Okazaki Y, Sato I, Goto S. A new intrusion detection method based on process profiling In: Proc. of the Symp. on Applications and the Internet. Nara: IEEE Computer Society Press, 2002. 82-90.
14. Sekar R, Bowen T, Segal M. On preventing intrusions by process behavior monitoring. In: Proc. of the USENIX Intrusion Detection Workshop. Santa Clara: USENIX, 1999. 29-40.
15. Uppuluri P, Sekar R. Experiences with specification-based intrusion detection. In: Lee W, Me L, Wespi A, eds. Proc. of the 4th Int'l Symp. on Recent Advances in Intrusion Detection. Davis: Springer-Verlag, 2001. 172-189.
16. Chari SN, Cheng PC. BlueBox: A policy-driven, host-based intrusion detection system. ACM Trans. on Information and System Security, 2003, 6(2): 173-200.
17. Xie HG, Biondi P. The LINUX intrusion detection project. 2002. http://www.lids.org
18. Walker KM, Sterne DF, Badger ML, Petkac MJ, Shermann DL, Oostendorp KA. Confining root programs with domain and type enforcement. In: Proc. of the 6th USENIX Security Symp., Focusing on Applications of Cryptography. San Jose USENIX, 1996. 21-36.