Characterizing the behavior of a program using multiple-length N-grams
Proceedings of the 2000 workshop on New security paradigms
Anomaly Detection in Embedded Systems
IEEE Transactions on Computers - Special issue on fault-tolerant embedded systems
ACM Transactions on Computer Systems (TOCS)
Model-Carrying Code (MCC): a new paradigm for mobile-code security
Proceedings of the 2001 workshop on New security paradigms
Mimicry attacks on host-based intrusion detection systems
Proceedings of the 9th ACM conference on Computer and communications security
Using internal sensors and embedded detectors for intrusion detection
Journal of Computer Security
Mining TCP/IP Traffic for Network Intrusion Detection by Using a Distributed Genetic Algorithm
ECML '00 Proceedings of the 11th European Conference on Machine Learning
Two Dimensional Time-Series for Anomaly Detection and Regulation in Adaptive Systems
DSOM '02 Proceedings of the 13th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management: Management Technologies for E-Commerce and E-Business Applications
Intrusion Detection Using Variable-Length Audit Trail Patterns
RAID '00 Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection
CDIS: Towards a Computer Immune System for Detecting Network Intrusions
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
A Useful Intrusion Detection System Prototype to Monitor Multi-processes Based on System Calls
ICICS '01 Proceedings of the Third International Conference on Information and Communications Security
Intrusion Detection with Support Vector Machines and Generative Models
ISC '02 Proceedings of the 5th International Conference on Information Security
ADMIT: anomaly-based data mining for intrusions
Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
Anomaly Detection Using Call Stack Information
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Anomaly intrusion detection in dynamic execution environments
Proceedings of the 2002 workshop on New security paradigms
A framework for trusted instruction execution via basic block signature verification
ACM-SE 42 Proceedings of the 42nd annual Southeast regional conference
SELF: a transparent security extension for ELF binaries
Proceedings of the 2003 workshop on New security paradigms
Design and application of hybrid intelligent systems
Metadata for Anomaly-Based Security Protocol Attack Deduction
IEEE Transactions on Knowledge and Data Engineering
Reversible sketches for efficient and accurate change detection over network data streams
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
User re-authentication via mouse movements
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
A holistic approach to service survivability
Proceedings of the 2003 ACM workshop on Survivable and self-regenerative systems: in association with 10th ACM Conference on Computer and Communications Security
A Visual Approach for Monitoring Logs
LISA '98 Proceedings of the 12th USENIX conference on System administration
Using instruction block signatures to counter code injection attacks
ACM SIGARCH Computer Architecture News - Special issue: Workshop on architectural support for security and anti-virus (WASSA)
The role of suspicion in model-based intrusion detection
NSPW '04 Proceedings of the 2004 workshop on New security paradigms
The application of antigenic search techniques to time series forecasting
GECCO '05 Proceedings of the 7th annual conference on Genetic and evolutionary computation
S-assess: a library for behavioral self-assessment
Proceedings of the fourth international joint conference on Autonomous agents and multiagent systems
The monitoring and early detection of internet worms
IEEE/ACM Transactions on Networking (TON)
Host-based detection of worms through peer-to-peer cooperation
Proceedings of the 2005 ACM workshop on Rapid malcode
Architecture for an Artificial Immune System
Evolutionary Computation
Intrusion detection based on organizational coevolutionary fuzzy classifiers
Intelligent information processing II
NSPW '05 Proceedings of the 2005 workshop on New security paradigms
Behavior-based modeling and its application to Email analysis
ACM Transactions on Internet Technology (TOIT)
On incremental file system development
ACM Transactions on Storage (TOS)
Research on Object-Storage-Based Intrusion Detection
ICPADS '06 Proceedings of the 12th International Conference on Parallel and Distributed Systems - Volume 1
System Call Monitoring Using Authenticated System Calls
IEEE Transactions on Dependable and Secure Computing
Probabilistic anomaly detection in distributed computer networks
Science of Computer Programming
Proceedings of the 4th ACM workshop on Recurring malcode
Proceedings of the 1st workshop on Architectural and system support for improving software dependability
Minos: Architectural support for protecting control data
ACM Transactions on Architecture and Code Optimization (TACO)
Automated known problem diagnosis with event traces
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Analyzing and evaluating dynamics in stide performance for intrusion detection
Knowledge-Based Systems
NetHost-sensor: Monitoring a target host's application via system calls
Information Security Tech. Report
Learning DFA representations of HTTP for protecting web applications
Computer Networks: The International Journal of Computer and Telecommunications Networking
Protecting host-based intrusion detectors through virtual machines
Computer Networks: The International Journal of Computer and Telecommunications Networking
CuPIDS: An exploration of highly focused, co-processor-based information system protection
Computer Networks: The International Journal of Computer and Telecommunications Networking
Automatic high-performance reconstruction and recovery
Computer Networks: The International Journal of Computer and Telecommunications Networking
Journal of Network and Computer Applications - Special issue: Network and information security: A computational intelligence approach
A comparative evaluation of two algorithms for Windows Registry Anomaly Detection
Journal of Computer Security
BINDER: an extrusion-based break-in detector for personal computers
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Correlating multi-session attacks via replay
HOTDEP'06 Proceedings of the 2nd conference on Hot Topics in System Dependability - Volume 2
Using runtime paths for macroanalysis
HOTOS'03 Proceedings of the 9th conference on Hot Topics in Operating Systems - Volume 9
Path-based failure and evolution management
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
Automated response using system-call delays
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Improving host security with system call policies
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Non-control-data attacks are realistic threats
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Protecting against unexpected system calls
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Toward Automated Dynamic Malware Analysis Using CWSandbox
IEEE Security and Privacy
Analysis of Computer Intrusions Using Sequences of Function Calls
IEEE Transactions on Dependable and Secure Computing
An eye on network intruder-administrator shootouts
ID'99 Proceedings of the 1st conference on Workshop on Intrusion Detection and Network Monitoring - Volume 1
An overview of anomaly detection techniques: Existing solutions and latest technological trends
Computer Networks: The International Journal of Computer and Telecommunications Networking
Length-weighted string kernels for sequence data classification
Pattern Recognition Letters
Detecting anomalous records in categorical datasets
Proceedings of the 13th ACM SIGKDD international conference on Knowledge discovery and data mining
Probabilistic suffix models for API sequence analysis of Windows XP applications
Pattern Recognition
Ensuring secure program execution in multiprocessor embedded systems: a case study
CODES+ISSS '07 Proceedings of the 5th IEEE/ACM international conference on Hardware/software codesign and system synthesis
Biologically-inspired Complex Adaptive Systems approaches to Network Intrusion Detection
Information Security Tech. Report
Biology, immunology and information security
Information Security Tech. Report
Information Security Tech. Report
CompSysTech '07 Proceedings of the 2007 international conference on Computer systems and technologies
Switchblade: enforcing dynamic personalized system call models
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Automatic software interference detection in parallel applications
Proceedings of the 2007 ACM/IEEE conference on Supercomputing
From STEM to SEAD: speculative execution for automated defense
ATC'07 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference
A practical mimicry attack against powerful system-call monitors
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Reconstructing system state for intrusion analysis
ACM SIGOPS Operating Systems Review
Seeing the invisible: forensic uses of anomaly detection and machine learning
ACM SIGOPS Operating Systems Review
Computer forensics in forensis
ACM SIGOPS Operating Systems Review
Implementation of voting mechanism in intrusion tolerance system
ICCOMP'05 Proceedings of the 9th WSEAS International Conference on Computers
Prevention of information attacks by run-time detection of self-replication in computer codes
Journal of Computer Security
Flexible Hardware Acceleration for Instruction-Grain Program Monitoring
ISCA '08 Proceedings of the 35th Annual International Symposium on Computer Architecture
Using causality to diagnose configuration bugs
ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
High-order Markov kernels for intrusion detection
Neurocomputing
A Kernel-Based Reinforcement Learning Approach to Dynamic Behavior Modeling of Intrusion Detection
ISNN '07 Proceedings of the 4th international symposium on Neural Networks: Advances in Neural Networks
Static Analysis on x86 Executables for Preventing Automatic Mimicry Attacks
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Negative Selection with Antigen Feedback in Intrusion Detection
ICARIS '08 Proceedings of the 7th international conference on Artificial Immune Systems
A Type-2 Fuzzy Set Recognition Algorithm for Artificial Immune Systems
HAIS '08 Proceedings of the 3rd international workshop on Hybrid Artificial Intelligence Systems
Efficiently tracking application interactions using lightweight virtualization
Proceedings of the 1st ACM workshop on Virtual machine security
Return Value Predictability Profiles for Self-healing
IWSEC '08 Proceedings of the 3rd International Workshop on Security: Advances in Information and Computer Security
Automatic software fault diagnosis by exploiting application signatures
LISA'08 Proceedings of the 22nd conference on Large installation system administration conference
Cooperative Intrusion Detection Model Based on State Transition Analysis
Computer Supported Cooperative Work in Design IV
Hierarchical Classifiers for Complex Spatio-temporal Concepts
Transactions on Rough Sets IX
State transition analysis to detect malicious program behavior
ICCOMP'08 Proceedings of the 12th WSEAS international conference on Computers
Agent-based modeling of host-pathogen systems: The successes and challenges
Information Sciences: an International Journal
Transparent Process Monitoring in a Virtual Environment
Electronic Notes in Theoretical Computer Science (ENTCS)
A static API birthmark for Windows binary executables
Journal of Systems and Software
ACM Computing Surveys (CSUR)
Hardware-assisted run-time monitoring for secure program execution on embedded processors
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
Feature set selection in data mining techniques for unknown virus detection: a comparison study
Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
Selecting and Improving System Call Models for Anomaly Detection
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
The user is not the enemy: fighting malware by tracking user intentions
Proceedings of the 2008 workshop on New security paradigms
Self-healing: science, engineering, and fiction
NSPW '07 Proceedings of the 2007 Workshop on New Security Paradigms
Building an Application Data Behavior Model for Intrusion Detection
Proceedings of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security XXIII
Artificial immune system based intrusion detection system
Proceedings of the 2nd international conference on Security of information and networks
Fides: remote anomaly-based cheat detection using client emulation
Proceedings of the 16th ACM conference on Computer and communications security
A simple and efficient hidden Markov model scheme for host-based anomaly intrusion detection
IEEE Network: The Magazine of Global Internetworking - Special issue title on recent developments in network intrusion detection
Automatically Adapting a Trained Anomaly Detector to Software Patches
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Application Data Consistency Checking for Anomaly Based Intrusion Detection
SSS '09 Proceedings of the 11th International Symposium on Stabilization, Safety, and Security of Distributed Systems
On the Use of Singular Value Decomposition for a Fast Intrusion Detection System
Electronic Notes in Theoretical Computer Science (ENTCS)
Monitoring for security intrusion using performance signatures
Proceedings of the first joint WOSP/SIPEW international conference on Performance engineering
Butterfly analysis: adapting dataflow analysis to dynamic parallel monitoring
Proceedings of the fifteenth edition of ASPLOS on Architectural support for programming languages and operating systems
Proceedings of the 2010 Workshop on Interaction between Compilers and Computer Architecture
Detecting malicious software by monitoring anomalous windows registry accesses
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Undermining an anomaly-based intrusion detection system using common exploits
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Research on hidden Markov model for system call anomaly detection
PAISI'07 Proceedings of the 2007 Pacific Asia conference on Intelligence and security informatics
A risk-sensitive intrusion detection model
ICISC'02 Proceedings of the 5th international conference on Information security and cryptology
ELICIT: a system for detecting insiders who violate need-to-know
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Towards automated privilege separation
ICISS'07 Proceedings of the 3rd international conference on Information systems security
Use of dimensionality reduction for intrusion detection
ICISS'07 Proceedings of the 3rd international conference on Information systems security
Masquerade detection based upon GUI user profiling in Linux systems
ASIAN'07 Proceedings of the 12th Asian computing science conference on Advances in computer science: computer and network security
PROBE: a process behavior-based host intrusion prevention system
ISPEC'08 Proceedings of the 4th international conference on Information security practice and experience
Intrusion detection method based on fuzzy hidden Markov model
FSKD'09 Proceedings of the 6th international conference on Fuzzy systems and knowledge discovery - Volume 3
HiFIND: A high-speed flow-level intrusion detection approach with DoS resiliency
Computer Networks: The International Journal of Computer and Telecommunications Networking
Efficient, context-sensitive detection of real-world semantic attacks
PLAS '10 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
A reference based analysis framework for analyzing system call traces
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
HSP: A solution against heap sprays
Journal of Systems and Software
A new distributed intrusion detection method based on immune mobile agent
LSMS/ICSEE'10 Proceedings of the 2010 international conference on Life system modeling and intelligent computing, and 2010 international conference on Intelligent computing for sustainable energy and environment: Part I
Automatic discovery of parasitic malware
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Community epidemic detection using time-correlated anomalies
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
An insider threat prediction model
TrustBus'10 Proceedings of the 7th international conference on Trust, privacy and security in digital business
Network intrusion detection based on system calls and data mining
Frontiers of Computer Science in China
An immune memory clonal algorithm for numerical and combinatorial optimization
Frontiers of Computer Science in China
Design and analysis of genetic fuzzy systems for intrusion detection in computer networks
Expert Systems with Applications: An International Journal
Intrusion detection using continuous time Bayesian networks
Journal of Artificial Intelligence Research
Malware detection using assembly and API call sequences
Journal in Computer Virology
Correlating multi-session attacks via replay
HotDep'06 Proceedings of the Second conference on Hot topics in system dependability
Identifying the provenance of correlated anomalies
Proceedings of the 2011 ACM Symposium on Applied Computing
Intrusion detection using neural based hybrid classification methods
Computer Networks: The International Journal of Computer and Telecommunications Networking
Artificial immune system based on interval type-2 fuzzy set paradigm
Applied Soft Computing
High-order Markov kernels for network intrusion detection
ICONIP'06 Proceedings of the 13th international conference on Neural information processing - Volume Part III
Context-based online configuration-error detection
USENIXATC'11 Proceedings of the 2011 USENIX conference on USENIX annual technical conference
Virtual machine monitor-based lightweight intrusion detection
ACM SIGOPS Operating Systems Review
A supervised topic transition model for detecting malicious system call sequences
Proceedings of the 2011 workshop on Knowledge discovery, modeling and simulation
Operating system interface obfuscation and the revealing of hidden operations
DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
A gray-box DPDA-based intrusion detection technique using system-call monitoring
Proceedings of the 8th Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference
Intrusion recovery for database-backed web applications
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Crowdroid: behavior-based malware detection system for Android
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Expert Systems with Applications: An International Journal
Run-time malware detection based on positive selection
Journal in Computer Virology
Nitro: hardware-based system call tracing for virtual machines
IWSEC'11 Proceedings of the 6th International conference on Advances in information and computer security
Behavior analysis-based dynamic trust measurement model
ICICS'11 Proceedings of the 13th international conference on Information and communications security
deRop: removing return-oriented programming from malware
Proceedings of the 27th Annual Computer Security Applications Conference
Blind publication: a copyright library without publication or trust
Proceedings of the 11th international conference on Security Protocols
Lightweight monitoring of the progress of remotely executing computations
LCPC'05 Proceedings of the 18th international conference on Languages and Compilers for Parallel Computing
Modular behavior profiles in systems with shared libraries (short paper)
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
A probe detection model using the analysis of the fuzzy cognitive maps
ICCSA'05 Proceedings of the 2005 international conference on Computational Science and its Applications - Volume Part I
M of N features vs. intrusion detection
ICCSA'05 Proceedings of the 2005 international conference on Computational Science and its Applications - Volume Part I
PAKDD'06 Proceedings of the 10th Pacific-Asia conference on Advances in Knowledge Discovery and Data Mining
An SVM-Based masquerade detection method with online update using co-occurrence matrix
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Detecting unknown network attacks using language models
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Securing IPv6-Based mobile ad hoc networks through an artificial immune system
WIRN'05 Proceedings of the 16th Italian conference on Neural Nets
Neural network techniques for host anomaly intrusion detection using fixed pattern transformation
ICCSA'05 Proceedings of the 2005 international conference on Computational Science and Its Applications - Volume Part II
Intelligent agents as cells of immunological memory
ICCS'06 Proceedings of the 6th international conference on Computational Science - Volume Part III
Model generalization and its implications on intrusion detection
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Applying fuzzy neural network to intrusion detection based on sequences of system calls
ADMA'05 Proceedings of the First international conference on Advanced Data Mining and Applications
Applying mining fuzzy association rules to intrusion detection based on sequences of system calls
ICCNMC'05 Proceedings of the Third international conference on Networking and Mobile Computing
Detecting the deviations of privileged process execution
ICN'05 Proceedings of the 4th international conference on Networking - Volume Part II
Learning the daily model of network traffic
ISMIS'05 Proceedings of the 15th international conference on Foundations of Intelligent Systems
A reinforcement learning approach for host-based intrusion detection using sequences of system calls
ICIC'05 Proceedings of the 2005 international conference on Advances in Intelligent Computing - Volume Part I
An immune concentration based virus detection approach using particle swarm optimization
ICSI'10 Proceedings of the First international conference on Advances in Swarm Intelligence - Volume Part I
A probabilistic method for detecting anomalous program behavior
WISA'04 Proceedings of the 5th international conference on Information Security Applications
Lightweight defect localization for Java
ECOOP'05 Proceedings of the 19th European conference on Object-Oriented Programming
Improving host-based IDS with argument abstraction to prevent mimicry attacks
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
On random-inspection-based intrusion detection
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
A brief observation-centric analysis on anomaly-based intrusion detection
ISPEC'05 Proceedings of the First international conference on Information Security Practice and Experience
Intrusion detection system using sequence and set preserving metric
ISI'05 Proceedings of the 2005 IEEE international conference on Intelligence and Security Informatics
Learning classifiers for misuse detection using a bag of system calls representation
ISI'05 Proceedings of the 2005 IEEE international conference on Intelligence and Security Informatics
Hybrid intrusion detection model based on ordered sequences
MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security
A fast host-based intrusion detection system using rough set theory
Transactions on Rough Sets IV
A method for test suite reduction for regression testing of interactions between software modules
PSI'09 Proceedings of the 7th international Andrei Ershov Memorial conference on Perspectives of Systems Informatics
On leveraging stochastic models for remote attestation
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
Taint-enhanced anomaly detection
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Control considerations for scalable event processing
DSOM'05 Proceedings of the 16th IFIP/IEEE Ambient Networks international conference on Distributed Systems: operations and Management
A hybrid method to intrusion detection systems using HMM
ICDCIT'05 Proceedings of the Second international conference on Distributed Computing and Internet Technology
Using sub-sequence information with kNN for classification of sequential data
ICDCIT'05 Proceedings of the Second international conference on Distributed Computing and Internet Technology
A sense of others: behavioral attestation of UNIX processes on remote platforms
Proceedings of the 6th International Conference on Ubiquitous Information Management and Communication
Software process evaluation: A machine learning approach
ASE '11 Proceedings of the 2011 26th IEEE/ACM International Conference on Automated Software Engineering
A graph mining approach for detecting unknown malwares
Journal of Visual Languages and Computing
International Journal of Information Management: The Journal for Information Professionals
Data & Knowledge Engineering
Randomizing smartphone malware profiles against statistical mining techniques
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Virtual machine introspection in a hybrid honeypot architecture
CSET'12 Proceedings of the 5th USENIX conference on Cyber Security Experimentation and Test
Improving malware classification: bridging the static/dynamic gap
Proceedings of the 5th ACM workshop on Security and artificial intelligence
Babel: a secure computer is a polyglot
Proceedings of the 2012 ACM Workshop on Cloud computing security workshop
Similarity measures for sequential data
Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery
A comparative study of negative selection based anomaly detection in sequence data
ICARIS'12 Proceedings of the 11th international conference on Artificial Immune Systems
Proceedings of the third ACM conference on Data and application security and privacy
Proceedings of the 7th International Conference on Ubiquitous Information Management and Communication
Progressive user interfaces for regressive analysis: making tracks with large, low-level systems
AUIC '11 Proceedings of the Twelfth Australasian User Interface Conference - Volume 117
Run-time control flow authentication: an assessment on contemporary x86 platforms
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Security analysis of online centroid anomaly detection
The Journal of Machine Learning Research
A mechanism for achieving a bound on execution performance of process group to limit CPU abuse
The Journal of Supercomputing
A close look on n-grams in intrusion detection: anomaly detection vs. classification
Proceedings of the 2013 ACM workshop on Artificial intelligence and security
Design and implementation of a trusted monitoring framework for cloud platforms
Future Generation Computer Systems
Situational awareness through reasoning on network incidents
Proceedings of the 4th ACM conference on Data and application security and privacy
CloRExPa: Cloud resilience via execution path analysis
Future Generation Computer Systems
Data Mining and Knowledge Discovery
Extracting the system call identifier from within VFS: a kernel stack parsing-based approach
International Journal of Information and Computer Security
A method is introduced for detecting intrusions at the level of privileged processes. Evidence is given that short sequences of system calls executed by running processes are a good discriminator between normal and abnormal operating characteristics of several common UNIX programs. Normal behavior is collected in two ways: synthetically, by exercising as many normal modes of usage of a program as possible, and in a live user environment, by tracing the actual execution of the program. In the former case, several types of intrusive behavior were studied; in the latter case, results were analyzed for false positives.