Detecting malicious software by monitoring anomalous windows registry accesses

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 2516, Issue , 2002, Pages 36-53

  Apap, Frank ^a   Honig, Andrew ^a   Hershkop, Shlomo ^a   Eskin, Eleazar ^a   Stolfo, Sal ^a  

^a Columbia University ^*  (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER CRIME; MALWARE; MERCURY (METAL);

FALSE ALARMS; HOST-BASED INTRUSION DETECTION SYSTEM; LOW RATES; MICROSOFT WINDOWS; NORMAL MODEL; REAL TIME; RUNTIMES; WINDOWS REGISTRY;

INTRUSION DETECTION;

EID: 84958983572     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/3-540-36084-0_3     Document Type: Conference Paper

References (29)

1. Aim Recovery. http://www.dark-e.com/des/software/aim/index.shtml.
2. Back Orifice. http://www.cultdeadcow.com/tools/bo.html.
3. BackDoor.XTCP. http://www.ntsecurity.new/Panda/Index.cfm?FuseAction=Virus&VirusID=659.
4. BrowseList. http://e4gle.org/files/nttools/, http://binaries.faq.net.pl/security tools.
5. Happy 99. http://www.symantex.com/qvcenter/venc/data/happy99.worm.html.
6. IPCrack. http://www.geocities.com/SiliconValley/Garage/3755/toolicq.html, http://home.swipenet.se/˜w-65048/hacks.htm.
7. L0pht Crack. http://www.atstack.com/research/lc.
8. Setup Trojan. http://www.nwinternet.com/˜pchelp/bo/setuptrojan.txt.
9. V. Barnett and T. Lewis. Outliers in Statistical Data. John Wiley and Sons, 1994.
10. Fred Cohen. A Short Course on Computer Viruses. ASP Press, Pittsburgh, PA, 1990.
11. M. H. DeGroot. Optimal Statistical Decisions. McGraw-Hill, New York, 1970.
12. D. E. Denning. An intrusion detection model. IEEE Transactions on Software Engineering, SE-13:222–232, 1987.
13. Eleazar Eskin. Anomaly detection over noisy data using learned probability distributions. In Proceedings of the Seventeenth International Conference on Machine Learning (ICML-2000), 2000.
14. Eleazar Eskin. Probabilistic anomaly detection over discrete records using inconsistency checks. Technical report, Columbia University Computer Science Technical Report, 2002.
15. Stephanie Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff. A sense of self for unix processes. pages 120–128. IEEE Computer Society, 1996.
16. N. Friedman and Y. Singer. E.cient bayesian parameter estimation in large discrete domains, 1999.
17. S. A. Hofmeyr, Stephanie Forrest, and A. Somayaji. Intrusion detect using sequences of system calls. Journal of Computer Security, 6:151–180, 1998.
18. Andrew Honig, Andrew Howard, Eleazar Eskin, and Salvatore Stolfo. Adaptive model generation: An architecture for the deployment of data minig-based intrusion detection systems. In Data Mining for Security Applications. Kluwer, 2002.
19. Internet Engineering Task Force. Intrusion detection exchange format. In http://www.ietf.org/html.charters/idwg-charter.html, 2000.
20. H. S. Javitz and A. Valdes. The nides statistical component: Description and justification. Technical report, SRI International, 1993.
21. W. Lee, S. J. Stolfo, and P. K. Chan. Learning patterns from unix processes execution traces for intrusion detection. pages 50–56. AAAI Press, 1997.
22. W. Lee, S. J. Stolfo, and K. Mok. Data mining in work flow environments: Experiences in intrusion detection. In Proceedings of the 1999 Conference on Knowledge Discovery and Data Mining (KDD-99), 1999.
23. Wenke Lee, Sal Stolfo, and Kui Mok. A data mining framework for building intrusion detection models. 1999.
24. MacAfee. Homepage: macafee.com. Online publication, 2000. http://www.mcafee.com.
25. M. Mahoney and P. Chan. Detecting novel attacks by identifying anomalous network packet headers. Technical Report CS-2001-2, Florida Institute of Technology, Melbourne, FL, 2001.
26. B. Schölkopf, J. Platt, J. Shawe-Taylor, A. J. Smola, and R. C. Williamson. Estimating the support of a high-dimensional distribution. Technical Report 99–87, Microsoft Research, 1999. To appear in Neural Computation, 2001.
27. SysInternals. Regmon for Windows NT/9x. Online publication, 2000. http://www.sysinternals.com/ntw2k/source/regmon.shtml.
28. Christina Warrender, Stephanie Forrest, and Barak Pearlmutter. Detecting intrusions using system calls: alternative data models. pages 133–145. IEEE Computer Society, 1999.
29. Steve R. White. Open problems in computer virus research. In Virus Bulletin Conference, 1998.