Computer use leaves trails of activity that can reveal signatures of misuse as well as of legitimate activity. Depending on the audit method used, one can record a user's keystrokes, the system resources used, or the system calls made by some collection of processes. The authors have done preliminary work on the analysis of system call traces, particularly their structure during normal and anomalous behavior, and have found the anomalies to be temporally localized. These techniques could eventually lead to an effective, automatic analysis and monitoring system, and might even be extensible to handle other kinds of anomalous behavior.