Introduction to statistical pattern recognition (2nd ed.)
Learning the Korn shell
Portable shell programming: an extensive collection of Bourne shell examples
Improving intrusion detection performance using keyword selection and neural networks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Learning the Bash Shell
Analysis and Results of the 1999 DARPA Off-Line Intrusion Detection Evaluation
RAID '00 Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection
Accurately Detecting Source Code of Attacks That Increase Privilege
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
A Neural Network Component for an Intrusion Detection System
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Common Lisp: The Language
AngeL: a tool to disarm computer systems
Proceedings of the 2001 workshop on New security paradigms
Defeating Internet Attacks Using Risk Awareness and Active Honeypots
IWIA '04 Proceedings of the Second IEEE International Information Assurance Workshop (IWIA'04)
Host-based Intrusion Detection Systems (IDS) that rely on audit data exhibit a delay between attack execution and attack detection. A knowledgeable attacker can use this delay to disable the IDS, often by executing an attack that increases privilege. To prevent this we have begun to develop a system to detect these attacks before they are executed. The system separates incoming data into several categories, each of which is summarized using feature statistics that are combined to estimate the posterior probability that the data contains attack code. Our work to date has focused on detecting attacks embedded in shell code and C source code. We have evaluated this system by constructing large databases of normal and attack software written by many people, selecting features and training classifiers, then testing the system on a disjoint corpus of normal and attack code. Results show that such attack code can be detected accurately.