Anomaly detection using call stack information

Proceedings - IEEE Symposium on Security and Privacy

Volumn 2003-January, Issue , 2003, Pages 62-75

  Feng, H H ^a   Kolesnikov, O M ^b   Fogla, P ^b   Lee, W ^b   Gong, Weibo ^a  

^a University of Massachusetts   (United States)

^b Georgia Institute of Technology   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

INTRUSION DETECTION; SIGNAL DETECTION;

ABSTRACT EXECUTIONS; ANOMALY DETECTION; EXTRACTING INFORMATION; FALSE POSITIVE; INFORMATION SOURCES; PROGRAM EXECUTION; UNDERLYING PRINCIPLES;

INFORMATION USE;

EID: 70349100099     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SECPRI.2003.1199328     Document Type: Conference Paper

References (20)

1. K. Ashcraft and D.R. Engler, "Using Programmer-Written Compiler Extensions to Catch Security Holes", IEEE Symposium on Security and Privacy, Oakland, CA, 2002.
2. C. Cowan, C. Pu, D. Maier, H. Hinton, P. Bakke, S. Beattie, A. Grier, P. Wagle and Q. Zhang, "Stack-Guard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks", 7th USENIX Security Symposium, San Antonio, TX, 1998.
3. C. Cowan, P. Wagle, C. Pu, S. Beattie and J. Walpole, "Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade", DARPA Information Survivability Conference and Expo, Hilton Head Island, SC, 2000.
4. A. Floratos and I. Rigoutsos, "On the Time Complexity of the TEIRESIAS Algorithm", Research Report 98A000290, IBM, 1998.
5. S. Forrest, S.A. Hofmeyr, A. Somayaji and T.A. Longstaff, "A Sense of Self for Unix Processes", IEEE Symposium on Computer Security and Privacy, Los Alamos, CA, pp.120-128, 1996.
6. A. Ghosh and A. Schwartzbard, "A study in using neural networks for anomaly and misuse detection", 8th USENIX Security Symposium, pp. 141-151, 1999.
7. J.T. Giffin, S. Jha and B.P. Miller, "Detecting Manipulated Remote Call Streams", 11th USENIX Security Symposium, 2002.
8. S.A. Hofmeyr, A. Somayaji, and S. Forrest, "Intrusion Detection System Using Sequences of System Calls", Journal of Computer Security, 6(3), pp. 151-180, 1998.
9. C. Ko, "Execution Monitoring of Security-Critical Programs in Distributed Systems: A Specification-based Approach". PhD thesis, UC Davis, 1996.
10. C. Ko, G. Fink and K. Levitt, "Automated Detection of Vulnerabilities in Privileged Programs by Execution Monitoring", 10th Computer Security Applications Conference, Orlando, Fl, pp.134-144, 1994.
11. W. Lee and S. Stolfo, "Data Mining Approaches for Intrusion Detection", 7th USENIX Security Symposium, San Antonio, TX, 1998.
12. W. Lee, S. Stolfo, and P. Chan, "Learning Patterns from Unix Process Execution Traces for Intrusion Detection", AAAI Workshop: AI Approaches to Fraud Detection and Risk Management, 1997.
13. Mindcraft, "WebStone Benchmark Information", http://www.mindcraft.com/webstone/.
14. I. Rigoutsos and A. Floratos, "Combinatorial Pattern Discovery in Biological Sequences: The TEIRESIAS Algorithm", Bioinformatics, 14(1), pp. 55-67, 1998.
15. B. Schneier, "The Process of Security", Information Security, April, 2000, http://www.infosecuritymag.com/articles/april00/columns cryptorhythms.shtml.
16. R. Sekar, M. Bendre, P. Bollineni, and D. Dhurjati, "A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors", IEEE Symposium on Security and Privacy, Oakland, CA, 2001.
17. D. Wagner and D. Dean, "Intrusion Detection via Static Analysis", IEEE Symposium on Security and Privacy, Oakland, CA, 2001.
18. D. Wagner and P. Soto, "Mimicry Attacks on Host-Based Intrusion Detection Systems", ACM Conference on Computer and Communications Security, 2002.
19. C. Warrender, S. Forrest, and B. Pearlmutter, "Detecting Intrusions Using System Calls: Alternative Data Models", IEEE Symposium on Security and Privacy, pp. 133-145, 1999.
20. A. Wespi, M. Dacier and H. Debar, "Intrusion Detection Using Variable-Length Audit Trail Patterns", 3rd International Workshop on the Recent Advances in Intrusion Detection , LNCS 1907, Springer, pp. 110-129, 2000.