Using system call information to reveal hidden attack manifestations

2009 Proceedings of the 1st International Workshop on Security and Communication Networks, IWSCN 2009

Volumn , Issue , 2010, Pages

  Larson, Ulf E ^a   Nilsson, Dennis K ^a   Jonsson, Erland ^a   Lindskog, Stefan ^b  

^a CHALMERS UNIVERSITY OF TECHNOLOGY   (Sweden)

^b NORWEGIAN UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Norway)

Author keywords

[No Author keywords available]

Indexed keywords

ATTACK MANIFESTATION; DETECTION ALGORITHM; DISTANCE-BASED; INTRUSION DETECTORS; RETURN VALUE; SYSTEM CALLS;

INTRUSION DETECTION; TELECOMMUNICATION NETWORKS;

DETECTORS;

EID: 79851497098     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (26)

1. C. Abad, J. Taylor, C. Sengul, W. Yurcik, Y. Zhou, and K. Rowe. Log correlation for intrusion detection: A proof of concept. In Proceedings of the 19th Annual Computer Security Applications Conference (ACSAC 2003), pages 255-264, Las Vegas, NV, USA, December 8-12, 2003. IEEE.
2. S. Axelsson, U. Lindqvist, U. Gustafson, and E. Jonsson. An approach to UNIX security logging. In Proceedings of the 21st National Information Systems Security Conference, pages 62-75, Arlington, VA, USA, October 5-8, 1998.
3. R. Baeza-Yates and B. Ribeiro-Neto. Modern Information Retrieval. Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA, 1999.
4. D. E. Denning and P. G. Neumann. Requirements and model for IDES - A real-time intrusion detection system. Technical report, Computer Science Laboratory, SRI International, Menlo Park, CA, USA, 1985.
5. H. H. Feng, O. M. Kolesnikov, P. Fogla, W. Lee, and W. Gong. Anomaly detection using call stack information. In Proceedings of the 2003 IEEE Symposium on Security and Privacy, pages 62-75, Oakland, CA, USA, May 11-14, 2003. IEEE.
6. S. Fish, G. Keren, Mulix, A. Shalem, and E. Shemer. System call tracker - design, implementation, goals. http://linuxclub.il.eu.org/lectures/44. Visited May 15, 2007.
7. S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff. A sense of self for Unix processes. In Proceedings of the 1996 IEEE Symposium on Security and Privacy, pages 120-128, Oakland, CA, USA, May 6-8, 1996. IEEE.
8. D. Gao, M. K. Reiter, and D. X. Song. On gray-box program tracking for anomaly detection. In USENIX Security Symposium, pages 103-118, San Diego, CA, USA, August 9-13, 2004. USENIX Association.
9. D. Gao, M. K. Reiter, and D. X. Song. Behavioral distance for intrusion detection. In Proceedings of the 8th International Symposium on Recent Advances in Intrusion Detection (RAID 2005), pages 63-81, Seattle, WA, USA, September 7-9, 2005. Springer-Verlag.
10. S. Garfinkel and G. Spafford. Practical UNIX and Internet Security. O'Reilly, Sebastopol, CA, USA, 2nd edition, April 1996.
11. J. T. Giffin, S. Jha, and B. P. Miller. Detecting manipulated remote call streams. In Proceedings of the 11th USENIX Security Symposium, pages 61-79, San Francisco, CA, USA, August 5-9, 2002. USENIX Association.
12. J. T. Giffin, S. Jha, and B. P. Miller. Efficient contextsensitive intrusion detection. In Proceedings of the 11th Annual Network and Distributed System Security Symposium, San Diego, CA, USA, February 5-6, 2004.
13. J. T. Giffin, S. Jha, and B. P. Miller. Automated discovery of mimicry attacks. In Proceedings of the 9th International Symposium on Recent Advances in Intrusion Detection (RAID 2006), pages 41-60, Hamburg, Germany, September 20-22, 2006. Springer-Verlag.
14. H. S. Javitz and A. Valdes. The NIDES statistical component: Description and justification. Technical report, Computer Science Laboratory, SRI International, March 1994.
15. C. Kruegel, D. Mutz, F. Valeur, and G. Vigna. On the detection of anomalous system call arguments. In Proceedings of the 2003 European Symposium on Research in Computer Security (ESORICS 2003), pages 326-343, Gjøvik, Norway, October 13-15, 2003. Springer-Verlag.
16. Y. Liao and V. R. Vemuri. Using text categorization techniques for intrusion detection. In Proceedings of the 11th USENIX Security Symposium, pages 51-59, San Francisco, CA, USA, August 5-9, 2002. USENIX Association.
17. Add root user to /etc/passwd. http://www.milw0rm.com/exploits/2803. Visited May 15, 2007.
18. D. Mutz, W. Robertson, G. Vigna, and R. Kemmerer. Exploiting execution context for the detection of anomalous system calls. In Proceedings of the 10th International Symposium on Recent Advances in Intrusion Detection (RAID 2007), pages 1-20, Queensland, Australia, September 5-7 2007. Springer-Verlag.
19. C. Parampalli, R. Sekar, and R. Johnson. A practical mimicry attack against powerful system-call monitors. In Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security (ASIACCS 2008), pages 156-167, Tokyo, Japan, March 18-20, 2008. ACM.
20. R. Sekar, M. Bendre, D. Dhurjati, and P. Bollineni. A fast automaton-based method for detecting anomalous program behaviors. In Proceedings of the 2001 IEEE Symposium on Security and Privacy, pages 144-155, Oakland, CA, USA, May 14-16, 2001. IEEE.
21. sorbo. Linux traceroute exploit code released. http://www.securiteam.com/ exploits/6A00A1F5QM.html. Visited May 15, 2007.
22. K. M. C. Tan, K. S. Killourhy, and R. A. Maxion. Undermining an anomaly-based intrusion detection system using common exploits. In Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID 2002), pages 54-73, Zurich, Switzerland, October 16-18, 2002. Springer-Verlag.
23. G. Tandon and P. Chan. Learning rules from system call arguments and sequences for anomaly detection. In ICDM Workshop on Data Mining for Computer Security (DMSEC), pages 20-29, Melbourne, FL, USA, November 19, 2003.
24. D. Wagner and P. Soto. Mimicry attacks on host-based intrusion detection systems. In 9th ACM Conference on Computer and Communications Security (CCS 2002), pages 255-264, Washington D.C., USA, November 18-22, 2002. ACM.
25. C. Warrender, S. Forrest, and B. Pearlmutter. Detecting intrusions using system calls: Alternative data models. In Proceedings of the 1999 IEEE Symposium on Security and Privacy, pages 133-145, Oakland, CA, USA, May 9-12, 1999. IEEE.
26. Personal communications with Wolfgang John, 2007.