State Transition Analysis: A Rule-Based Intrusion Detection Approach. IEEE Transactions on Software Engineering.
USTAT: A Real-Time Intrusion Detection System for UNIX. SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy.
A Sense of Self for Unix Processes. SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy.
Intrusion detection using sequences of system calls. Journal of Computer Security.
In this paper, we present a new method to detect malicious program behavior in general, based on computer audit data. Ilgun et al. have proposed USTAT (State Transition Analysis Tool for UNIX), a rule-based state transition analysis approach to solve this problem. Hofmeyr and Forrest have also used the N-grams method to classify program behavior traces. Here we propose an improved method that uses state transition probabilities to classify audit data. This method is more flexible and dynamic, and could be applied to a wider range of data.