Formalizing sensitivity in static analysis for intrusion detection

Proceedings - IEEE Symposium on Security and Privacy

Volumn 2004, Issue , 2004, Pages 194-208

  Feng, Henry Hanping ^a   Giffin, Jonathon T ^b   Huang, Yong ^a   Jha, Somesh ^b   Lee, Wenke ^c   Miller, Barton P ^b  

^a University of Massachusetts   (United States)

^b University of Wisconsin Madison   (United States)

^c Georgia Institute of Technology   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

DYCK MODEL; HOST-BASED INTRUSION DETECTION SYSTEMS (HIDS); PUSHDOWN AUTOMATA (PDA); RUN-TIME MONITORING;

ALGORITHMS; AUTOMATA THEORY; COMPUTER OPERATING SYSTEMS; COMPUTER PROGRAMMING; IMAGE PROCESSING; LEARNING SYSTEMS; MATHEMATICAL MODELS; SEMANTICS; SUPERVISORY AND EXECUTIVE PROGRAMS;

INFORMATION TECHNOLOGY;

EID: 3543086916     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (27)

1. N. Chomsky. Context-free grammars and pushdown storage. In Quarterly Progress Report No. 65, pages 187-194. Massachusetts Institute of Technology Research Laboratory of Electronics, April 1962.
2. H. Feng, O. Kolesnikov, P. Fogla, W. Lee, and W. Gong. Anomaly detection using call stack information, In IEEE Symposium on Security and Privacy, Oakland, California, May 2003.
3. S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff. A sense of self for Unix processes. In IEEE Symposium on Security and Privacy, pages 120-128, Los Alamitos, California, May 1996.
4. T. Garvey and T. Lunt. Model-based intrusion detection. In 14th National Computer Security Conference (NCSC), Baltimore, Maryland, June 1991.
5. A. Ghosh, A. Schwartzbard, and M. Schatz. Learning program behavior profiles for intrusion detection. In 1st USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, California, April 1999.
6. J. Giffin, S. Jha, and B. Miller. Detecting manipulated remote call streams. In 11th USENIX Security Symposium, San Francisco, California, August 2002.
7. J. Giffin, S. Jha, and B. Miller. Efficient context-sensitive intrusion detection. In 11th Annual Network and Distributed Systems Security Symposium (NDSS), San Diego, California, February 2004.
8. S. Hofmeyr, A. Somayaji, and S. Forrest. Intrusion detection system using sequences of system calls. Journal of Computer Security, 6(3):151-180, 1998.
9. J. Hopcroft, R. Motwani, and J. Ullman. Introduction to Automata Theory, Languages, and Computation. Addison-Wesley, 2nd edition, 2001.
10. K. Ilgun, R. Kemmerer, and P. Porras. State transition analysis: A rule-based intrusion detection approach. IEEE Transactions on Software Engineering, 21(3):181-199, March 1995.
11. C. Ko, G. Fink, and K. Levitt. Automated detection of vulnerabilities in privileged programs by execution monitoring. In 10th Annual Computer Security Applications Conference (ACSAC), Orlando, Florida, December 1994.
12. T. Lane and C. Brodley. Temporal sequence learning and data reduction for anomaly detection. ACM Transactions on Information and System Security, 2(3):295-331, August 1999.
13. J. Larus and E. Schnarr. EEL: Machine independent executable editing. In SIGPLAN Conference on Programming Language Design and Implementation (PLDI), La Jolla, California, June 1995.
14. W. Lee, S. Stolfo, and K. Mok. A data mining framework for building intrusion detection models. In IEEE Symposium on Security and Privacy, Oakland, California, May 1999.
15. T. Lunt. Automated audit trail analysis and intrusion detection: A survey, In 11th National Computer Security Conference (NCSC), Baltimore, Maryland, October 1988.
16. V. Paxson. Bro: A system for detecting network intruders in real-time. Computer Networks, 31(23-24), December 1999.
17. T. H. Ptacek and T. N. Newsham. Insertion, evasion, and denial of service: Eluding network intrusion detection. Technical report, Secure Networks Inc., January 1998. http://www.aciri.org/vem/Ptacek-Newsham-Evasion-98.ps.
18. S. Schwoon. Model-Checking Pushdown Systems. Ph.D. dissertation, Technische Universität München, June 2002.
19. R. Sekar, M. Bendre, P. Bollineni, and D. Dhurjati. A fast automaton-based method for detecting anomalous program behaviors. In IEEE Symposium on Security and Privacy, Oakland, California, May 2001.
20. K. Tan, K. Killourhy, and R. Maxion. Undermining an anomaly-based intrusion detection system using common exploits. In Recent Advances in Intrusion Detection (RAID) 2002, LNCS #2516, pages 54-73, Zurich, Switzerland, October 2002. Springer-Verlag.
21. K. Tan, J. McHugh, and K. Killourhy. Hiding intrusions: From the abnormal to the normal and beyond. In 5th International Workshop on Information Hiding, LNCS #2578, Noordwijkerhout, Netherlands, October 2002. Springer-Verlag.
22. H. Teng, K. Chen, and S.-Y. Lu. Adaptive real-time anomaly detection using inductively generated sequential patterns. In IEEE Symposium on Security and Privacy, Oakland, California, May 1990.
23. D. Wagner. Static Analysis and Computer Security: New Techniques for Software Assurance, Ph.D. dissertation, University of California at Berkeley, Fall 2000.
24. D. Wagner and D. Dean. Intrusion detection via static analysis. In IEEE Symposium on Security and Privacy, Oakland, California, May 2001.
25. D. Wagner and P. Soto. Mimicry attacks on host-based intrusion detection systems. In 9th ACM Conference on Computer and Communications Security (CCS), November 2002.
26. C. Warrander, S. Forrest, and B. Pearlmutter. Detecting intrusions using system calls: Alternative data models. In IEEE Symposium on Security and Privacy, Oakland, California, May 1999.
27. A. Wespi, M. Dacier, and H. Debar. Intrusion detection using variable-length audit trail patterns. In Recent Advances in Intrusion Detection (RAID) 2000, LNCS #1907, pages 110-129, Toulouse, France, October 2000. Springer-Verlag.