Design and validation of computer protocols
Design and validation of computer protocols
IEEE Transactions on Software Engineering - Special issue on formal methods in software practice
Temporal sequence learning and data reduction for anomaly detection
ACM Transactions on Information and System Security (TISSEC)
Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
ACM Transactions on Information and System Security (TISSEC)
Symbolic Model Checking
Introduction To Automata Theory, Languages, And Computation
Introduction To Automata Theory, Languages, And Computation
Detecting Manipulated Remote Call Streams
Proceedings of the 11th USENIX Security Symposium
Learning Program Behavior Profiles for Intrusion Detection
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
Hiding Intrusions: From the Abnormal to the Normal and Beyond
IH '02 Revised Papers from the 5th International Workshop on Information Hiding
Self-Nonself Discrimination in a Computer
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
A Sense of Self for Unix Processes
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Intrusion Detection via Static Analysis
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Operating system stability and security through process homeostasis
Operating system stability and security through process homeostasis
Automated response using system-call delays
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Data mining approaches for intrusion detection
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Intrusion detection using sequences of system calls
Journal of Computer Security
Undermining an anomaly-based intrusion detection system using common exploits
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Hiding Intrusions: From the Abnormal to the Normal and Beyond
IH '02 Revised Papers from the 5th International Workshop on Information Hiding
Anomaly Detection Using Call Stack Information
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Model-carrying code: a practical approach for safe execution of untrusted applications
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Detection of injected, dynamically generated, and obfuscated malicious code
Proceedings of the 2003 ACM workshop on Rapid malcode
User re-authentication via mouse movements
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
MORPHEUS: motif oriented representations to purge hostile events from unlabeled sequences
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
The role of suspicion in model-based intrusion detection
NSPW '04 Proceedings of the 2004 workshop on New security paradigms
Application of SVM and ANN for intrusion detection
Computers and Operations Research
Using dynamic information flow analysis to detect attacks against applications
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
A multi-model approach to the detection of web-based attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Proceedings of the 12th ACM conference on Computer and communications security
Anomalous system call detection
ACM Transactions on Information and System Security (TISSEC)
Improving address space randomization with a dynamic offset randomization technique
Proceedings of the 2006 ACM symposium on Applied computing
On evolving buffer overflow attacks using genetic programming
Proceedings of the 8th annual conference on Genetic and evolutionary computation
Behavior-based modeling and its application to Email analysis
ACM Transactions on Internet Technology (TOIT)
Privacy-preserving payload-based correlation for accurate malicious traffic detection
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
Evading network anomaly detection systems: formal reasoning and practical techniques
Proceedings of the 13th ACM conference on Computer and communications security
BASS: a benchmark suite for evaluating architectural security systems
ACM SIGARCH Computer Architecture News
Minos: Architectural support for protecting control data
ACM Transactions on Architecture and Code Optimization (TACO)
Network Intrusion Detection: Automated and Manual Methods Prone to Attack and Evasion
IEEE Security and Privacy
Analyzing and evaluating dynamics in stide performance for intrusion detection
Knowledge-Based Systems
Learning DFA representations of HTTP for protecting web applications
Computer Networks: The International Journal of Computer and Telecommunications Networking
Improving host security with system call policies
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
On gray-box program tracking for anomaly detection
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Automating mimicry attacks using static binary analysis
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Non-control-data attacks are realistic threats
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Protecting against unexpected system calls
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Guarded models for intrusion detection
Proceedings of the 2007 workshop on Programming languages and analysis for security
Analysis of Computer Intrusions Using Sequences of Function Calls
IEEE Transactions on Dependable and Secure Computing
Proceedings of the 22nd annual ACM SIGPLAN conference on Object-oriented programming systems and applications
Biologically-inspired Complex Adaptive Systems approaches to Network Intrusion Detection
Information Security Tech. Report
Information Security Tech. Report
Switchblade: enforcing dynamic personalized system call models
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Sequence alignment for masquerade detection
Computational Statistics & Data Analysis
A practical mimicry attack against powerful system-call monitors
Proceedings of the 2008 ACM symposium on Information, computer and communications security
A Case-Based Approach to Anomaly Intrusion Detection
MLDM '07 Proceedings of the 5th international conference on Machine Learning and Data Mining in Pattern Recognition
Static Analysis on x86 Executables for Preventing Automatic Mimicry Attacks
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
ICCBR '07 Proceedings of the 7th international conference on Case-Based Reasoning: Case-Based Reasoning Research and Development
Embedded Malware Detection Using Markov n-Grams
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Learning and Classification of Malware Behavior
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Vigilante: End-to-end containment of Internet worm epidemics
ACM Transactions on Computer Systems (TOCS)
Return Value Predictability Profiles for Self---healing
IWSEC '08 Proceedings of the 3rd International Workshop on Security: Advances in Information and Computer Security
Transparent Process Monitoring in a Virtual Environment
Electronic Notes in Theoretical Computer Science (ENTCS)
Address-space layout randomization using code islands
Journal of Computer Security - Best papers of the Sec Track at the 2006 ACM Symposium
Using Artificial Intelligence for Intrusion Detection
Proceedings of the 2007 conference on Emerging Artificial Intelligence Applications in Computer Engineering: Real Word AI Systems with Applications in eHealth, HCI, Information Retrieval and Pervasive Technologies
Evolving Buffer Overflow Attacks with Detector Feedback
Proceedings of the 2007 EvoWorkshops 2007 on EvoCoMnet, EvoFIN, EvoIASP,EvoINTERACTION, EvoMUSART, EvoSTOC and EvoTransLog: Applications of Evolutionary Computing
Selecting and Improving System Call Models for Anomaly Detection
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Impact of IT monoculture on behavioral end host intrusion detection
Proceedings of the 1st ACM workshop on Research on enterprise networking
The user is not the enemy: fighting malware by tracking user intentions
Proceedings of the 2008 workshop on New security paradigms
The future of biologically-inspired security: is there anything left to learn?
NSPW '07 Proceedings of the 2007 Workshop on New Security Paradigms
Building an Application Data Behavior Model for Intrusion Detection
Proceedings of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security XXIII
Control-flow integrity principles, implementations, and applications
ACM Transactions on Information and System Security (TISSEC)
A multi-model approach to the detection of web-based attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Battle of Botcraft: fighting bots in online games with human observational proofs
Proceedings of the 16th ACM conference on Computer and communications security
Proceedings of the 2nd ACM workshop on Security and artificial intelligence
Intrusion detection using signatures extracted from execution profiles
IWSESS '09 Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems
Adaptive Anomaly Detection via Self-calibration and Dynamic Updating
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Automatically Adapting a Trained Anomaly Detector to Software Patches
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Efficient Intrusion Detection Based on Static Analysis and Stack Walks
IWSEC '09 Proceedings of the 4th International Workshop on Security: Advances in Information and Computer Security
Application Data Consistency Checking for Anomaly Based Intrusion Detection
SSS '09 Proceedings of the 11th International Symposium on Stabilization, Safety, and Security of Distributed Systems
Combining Static Model Checking with Dynamic Enforcement Using the Statecall Policy Language
ICFEM '09 Proceedings of the 11th International Conference on Formal Engineering Methods: Formal Methods and Software Engineering
Optimizing anomaly detector deployment under evolutionary black-box vulnerability testing
CISDA'09 Proceedings of the Second IEEE international conference on Computational intelligence for security and defense applications
Evolving TCP/IP packets: a case study of port scans
CISDA'09 Proceedings of the Second IEEE international conference on Computational intelligence for security and defense applications
Detection and analysis of drive-by-download attacks and malicious JavaScript code
Proceedings of the 19th international conference on World wide web
Exploiting execution context for the detection of anomalous system calls
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Understanding precision in host based intrusion detection: formal analysis and practical models
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Swaddler: an approach for the anomaly-based detection of state violations in web applications
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Alert verification evasion through server response forging
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
A sandbox with a dynamic policy based on execution contexts of applications
ASIAN'07 Proceedings of the 12th Asian computing science conference on Advances in computer science: computer and network security
Efficient, context-sensitive detection of real-world semantic attacks
PLAS '10 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
Journal of Intelligent Information Systems
AccessMiner: using system-centric models for malware protection
Proceedings of the 17th ACM conference on Computer and communications security
Mimimorphism: a new approach to binary code obfuscation
Proceedings of the 17th ACM conference on Computer and communications security
KIDS: keyed intrusion detection system
DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
Intellectual intrusion detection with sequences alignment methods
MMM-ACNS'10 Proceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security
Community epidemic detection using time-correlated anomalies
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Base line performance measurements of access controls for libraries and modules
IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing
Artificial malware immunization based on dynamically assigned sense of self
ISC'10 Proceedings of the 13th international conference on Information security
Attestation of integrity of overlay networks
Journal of Systems Architecture: the EUROMICRO Journal
Joint network-host based malware detection using information-theoretic tools
Journal in Computer Virology
Context-based online configuration-error detection
USENIXATC'11 Proceedings of the 2011 USENIX conference on USENIX annual technical conference
Policy-centric protection of OS kernel from vulnerable loadable kernel modules
ISPEC'11 Proceedings of the 7th international conference on Information security practice and experience
SLA-based complementary approach for network intrusion detection
Computer Communications
Operating system interface obfuscation and the revealing of hidden operations
DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
Malware analysis with tree automata inference
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
The Frog-Boiling Attack: Limitations of Secure Network Coordinate Systems
ACM Transactions on Information and System Security (TISSEC)
Proceedings of the 4th ACM workshop on Security and artificial intelligence
Replacement attacks on behavior based software birthmark
ISC'11 Proceedings of the 14th international conference on Information security
Run-time malware detection based on positive selection
Journal in Computer Virology
Estimating accuracy of mobile-masquerader detection using worst-case and best-case scenario
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Modular behavior profiles in systems with shared libraries (short paper)
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
On the use of word networks to mimicry attack detection
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
Securing IPv6-Based mobile ad hoc networks through an artificial immune system
WIRN'05 Proceedings of the 16th Italian conference on Neural Nets
Audit file reduction using n-gram models
FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
Intrusion detection via analysis and modelling of user commands
DaWaK'05 Proceedings of the 7th international conference on Data Warehousing and Knowledge Discovery
Modelling mobility aspects of security policies
CASSIS'04 Proceedings of the 2004 international conference on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices
Anomaly detection in computer security and an application to file system accesses
ISMIS'05 Proceedings of the 15th international conference on Foundations of Intelligent Systems
USAID: unifying signature-based and anomaly-based intrusion detection
PAKDD'05 Proceedings of the 9th Pacific-Asia conference on Advances in Knowledge Discovery and Data Mining
A probabilistic method for detecting anomalous program behavior
WISA'04 Proceedings of the 5th international conference on Information Security Applications
Service discrimination and audit file reduction for effective intrusion detection
WISA'04 Proceedings of the 5th international conference on Information Security Applications
A learning-based approach to the detection of SQL attacks
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Behavioral distance for intrusion detection
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Improving host-based IDS with argument abstraction to prevent mimicry attacks
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
On random-inspection-based intrusion detection
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Environment-sensitive intrusion detection
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
On the role of information compaction to intrusion detection
ISSADS'05 Proceedings of the 5th international conference on Advanced Distributed Systems
Model redundancy vs. intrusion detection
ISPEC'05 Proceedings of the First international conference on Information Security Practice and Experience
Behavioral distance measurement using hidden markov models
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Automated discovery of mimicry attacks
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Anagram: a content anomaly detector resistant to mimicry attack
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
A general model and guidelines for attack manifestation generation
CRITIS'07 Proceedings of the Second international conference on Critical Information Infrastructures Security
Taint-enhanced anomaly detection
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
A signature scheme for distributed executions based on control flow analysis
SIIS'11 Proceedings of the 2011 international conference on Security and Intelligent Information Systems
International Journal of Information Management: The Journal for Information Professionals
Shadow attacks: automatically evading system-call-behavior based malware detection
Journal in Computer Virology
Recognizing malicious software behaviors with tree automata inference
Formal Methods in System Design
NORT: runtime anomaly-based monitoring of malicious behavior for windows
RV'11 Proceedings of the Second international conference on Runtime verification
Query strategies for evading convex-inducing classifiers
The Journal of Machine Learning Research
Masquerade attacks based on user's profile
Journal of Systems and Software
Blacksheep: detecting compromised hosts in homogeneous crowds
Proceedings of the 2012 ACM conference on Computer and communications security
Dynamic anomaly detection for more trustworthy outsourced computation
ISC'12 Proceedings of the 15th international conference on Information Security
International Journal of Information Security and Privacy
Process firewalls: protecting processes during resource access
Proceedings of the 8th ACM European Conference on Computer Systems
POSTER: Revisiting anomaly detection system design philosophy
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Control-flow integrity principles, implementations, and applications
ACM Transactions on Information and System Security (TISSEC)
On effective sampling techniques in host-based intrusion detection in tactical MANET
International Journal of Security and Networks
On effective data aggregation techniques in host-based intrusion detection in MANET
International Journal of Security and Networks
Generating profile-based signatures for online intrusion and failure detection
Information and Software Technology
| Hi-index | 0.00 |
We examine several host-based anomaly detection systems and study their security against evasion attacks. First, we introduce the notion of a mimicry attack, which allows a sophisticated attacker to cloak their intrusion to avoid detection by the IDS. Then, we develop a theoretical framework for evaluating the security of an IDS against mimicry attacks. We show how to break the security of one published IDS with these methods, and we experimentally confirm the power of mimicry attacks by giving a worked example of an attack on a concrete IDS implementation. We conclude with a call for further research on intrusion detection from both attacker's and defender's viewpoints.