The call stack of a program execution can be a very good information source for intrusion detection. There is no prior work on dynamically extracting information from call stack and effectively using it to detect exploits. In this paper, we propose a new method to do anomaly detection using call stack information. The basic idea is to extract return addresses from the call stack, and generate abstract execution path between two program execution points. Experiments show that our method can detect some attacks that cannot be detected by other approaches, while its convergence and false positive performance is comparable to or better than the other approaches. We compare our method with other approaches by analyzing their underlying principles and thus achieve a better characterization of their performance, in particular, on what and why attacks will be missed by the various approaches.