State transition analysis to detect malicious program behavior

Authors:
Xin Tang;Constantine Manikopoulos;Sotirios G. Ziavras
Affiliations:
Electrical and Computer Engineering Department, New Jersey Institute of Technology, Newark, NJ;Electrical and Computer Engineering Department, New Jersey Institute of Technology, Newark, NJ;Electrical and Computer Engineering Department, New Jersey Institute of Technology, Newark, NJ
Venue:
ICCOMP'08 Proceedings of the 12th WSEAS international conference on Computers
Year:
2008

Citing 4
Cited 0

State Transition Analysis: A Rule-Based Intrusion Detection Approach

IEEE Transactions on Software Engineering
USTAT: A Real-Time Intrusion Detection System for UNIX

SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
A Sense of Self for Unix Processes

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Intrusion detection using sequences of system calls

Journal of Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we present a new method to detect malicious program behavior in general based on computer audit data. Ilgun, et al. have proposed USTAT (State Transition Analysis Tool for UNIX), a rule-based state transition analysis approach to solve this problem. Also, Hofmeyr and Forrest have used the N-grams method to classify program behavior traces. Here we propose an improved method that uses state transition probabilities to classify audit data. This method is more flexible and dynamic, and could be applied to a wider range of data.