The behavioral distance between two processes is a measure of the deviation of their behaviors. Behavioral distance has been proposed for detecting the compromise of a process, by computing its behavioral distance from another process executed on the same input. Provided that the two processes are diverse and so unlikely to fall prey to the same attacks, an increase in behavioral distance might indicate the compromise of one of them. In this paper we propose a new approach to behavioral distance calculation using a new type of Hidden Markov Model. We also empirically evaluate the intrusion detection capability of our proposal when used to measure the distance between the system-call behaviors of diverse web servers. Our experiments show that it detects intrusions with substantially greater accuracy and with performance overhead comparable to that of prior proposals.