Combining static analysis and dynamic learning to build accurate intrusion detection models

Proceedings - 3rd IEEE International Workshop on Information Assurance, IWIA 2005

Volumn , Issue , 2005, Pages 164-177

  Liu, Zhen ^a   Bridges, Susan M ^a   Vaughn, Rayford B ^a  

^a MISSISSIPPI STATE UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

APPLICATION PROGRAMS; AUTOMATA THEORY; INTRUSION DETECTION;

ANOMALY DETECTION; APPLICATION EXECUTION; AUTOMATON MODEL; DYNAMIC LEARNING; DYNAMICS ANALYSIS; INTRUSION DETECTION MODELS; PROGRAM BEHAVIOR; PROPERTY; PUSH-DOWN AUTOMATA; SYSTEM CALLS;

STATIC ANALYSIS;

EID: 79956223384     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (21)

1. H. H. Feng, J. T. Giffin, Y. Huang, S. Jha, W. Lee, and B. P. Miller. Formalizing sensitivity in static analysis for intrusion detection. In Proceedings: IEEE Symposium on Security and Privacy, Berkeley, California, 2004. IEEE Computer Society.
2. H. H. Feng, O. M. Kolesnikov, P. Fogla, W. Lee, and W. Gong. Anomaly detection using call stack information. In Proceedings: IEEE Symposium on Security and Privacy, Berkeley, California, 2003. IEEE Computer Society.
3. S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff. A sense of self for unix processes. In Proceedings: IEEE Symposium on Security and Privacy, pages 120-128, Los Alamitos, California, 1996.
4. D. Gao, M. K. Reiter, and D. Song. On gray-box program tracking for anomaly detection. In Proceedings: USENIX Security Symposium, 2004.
5. A. K. Ghosh and A. Schwartzbard. Learning program behavior profiles for intrusion detection. In Proceedings: 1st USENIX Workshop on Intrusion Detection and Network Monitoring, pages 51-62, Santa Clara, California, 1999.
6. J. T. Giffin, S. Jha, and B. P. Miller. Detecting manipulated remote call streams. In Proceedings: 11th USENIX Security Symposium, 2002.
7. J. T. Giffin, S. Jha, and B. P. Miller. Efficient context-sensitive intrusion detection. In Network and Distributed System Security Symposium, 2004.
8. K. Ilgun, R. Kemmerer, and P. Porras. State transition analysis: a rule-based intrusion detection approach. IEEE Transactions on Software Engineering, 21(3):181-199, 1995.
9. T. Lane and C. E. Brodley. Sequence matching and learning in anomaly detection for computer security. In Proceedings: AAAI Workshop - AI Approaches to Fraud Detection and Risk Management, 1997.
10. W. Lee and S. J. Stolfo. Data mining approaches for intrusion detection. In Proceedings: USENIX Security Symposium, pages 79-94, San Antonio, Texas, 1998.
11. Z. Liu, G. Florez, and S. M. Bridges. A comparison of input representations in neural networks: a case study in intrusion detection. In Proceedings: International Joint Conference on Neural Networks, Honolulu, Hawaii, 2002.
12. C. Michael and A. Ghosh. Simple, state-based approaches to program-based anomaly detection. ACM Transactions on Information and System Security, 5(3):203-237, 2002.
13. V. Paxson. Bro: a system for detecting network intruders in real-time. Computer Network, 31(23), 1999.
14. R. Sekar, M. Bendre, D. Dhurjati, and P. Bollineni. A fast automaton-based method for detecting anomalous program behaviors. In Proceedings: IEEE Symposium on Security and Privacy, pages 144-155, Oakland, California, 2001. IEEE Computer Society.
15. A. Somayaji. Automated response using system-call delays. In Proceedings: USENIX Security Symposium, pages 185-197, Denver, Colorado, 2000.
16. K. M. Tan and R. A. Maxion. “Why 6?” Defining the operational limits of stide, an anomaly-based intrusion detector. In Proceedings: IEEE Symposium on Security and Privacy, pages 173-186, Berkeley, California, 2002. IEEE Computer Society.
17. D. Wagner. Static analysis and computer security: New techniques for software assurance. PhD thesis, Department of Computer Science, University of California at Berkeley, Fall 2000.
18. D. Wagner and D. Dean. Intrusion detection via static analysis. In Proceedings: IEEE Symposium on Security and Privacy, pages 156-169, Oakland, California, 2001. IEEE Computer Society.
19. D. Wagner and P. Soto. Mimicry attacks on host-based intrusion detection systems. In Proceedings: ACM Conference on Computer and Communications Security, 2002.
20. C. Warrender, S. Forrest, and B. Pearlmutter. Detecting intrusions using system calls: alternative data models. In Proceedings: IEEE Symposium on Security and Privacy, pages 133-145, Los Alamitos, California, 1999.
21. J. Wilander and M. Kamkar. A comparison of publicly available tools for dynamic buffer overflow prevention. In Proceedings: The 10th Annual Network and Distributed System Security Symposium, San Diego, California, 2003.