IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Trace: a tool for logging operating system call transactions
ACM SIGOPS Operating Systems Review
Communications of the ACM
Anomaly detection: a soft computing approach
NSPW '94 Proceedings of the 1994 workshop on New security paradigms
UFO: a personal global file system based on user-level extensions to the operating system
ACM Transactions on Computer Systems (TOCS)
A framework for constructing features and models for intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
Windows NT/2000 Native API Reference
Windows NT/2000 Native API Reference
Intrusion Detection via System Call Traces
IEEE Software
Statistical Foundations of Audit Trail Analysis for the Detection of Computer Misuse
IEEE Transactions on Software Engineering
ASAX: Software Architecture and Rule-Based Language for Universal Audit Trail Analysis
ESORICS '92 Proceedings of the Second European Symposium on Research in Computer Security
A Tool for Pro-active Defense Against the Buffer Overrun Attack
ESORICS '98 Proceedings of the 5th European Symposium on Research in Computer Security
Detecting Manipulated Remote Call Streams
Proceedings of the 11th USENIX Security Symposium
Using Programmer-Written Compiler Extensions to Catch Security Holes
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Intrusion Detection via Static Analysis
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Information-Theoretic Measures for Anomaly Detection
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
GridBox: securing hosts from malicious and greedy applications
MGC '04 Proceedings of the 2nd workshop on Middleware for grid computing
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Detecting and countering system intrusions using software wrappers
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
A study in using neural networks for anomaly and misuse detection
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
A secure environment for untrusted helper applications confining the Wily Hacker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
A user-mode port of the linux kernel
ALS'00 Proceedings of the 4th annual Linux Showcase & Conference - Volume 4
Detours: binary interception of Win32 functions
WINSYM'99 Proceedings of the 3rd conference on USENIX Windows NT Symposium - Volume 3
Intrusion detection using sequences of system calls
Journal of Computer Security
Hi-index | 0.00 |
Intrusion detection has emerged as an important approach to network, host and application security. Network security includes analysing network packet payload and other inert network packet profiles for intrusive trends; whereas, host security may employ system logs for intrusion detection. In this paper, we contribute to the research community by tackling application security and attempt to detect intrusion via differentiating normal and abnormal application behaviour. A method for anomaly intrusion detection for applications is proposed based on deterministic system call traces derived from a monitored target application's dynamic link libraries (DLLs). We isolate associated DLLs of a monitored target application; log system call traces of the application in real time and use heuristic method to detect intrusion before the application is fully compromised. Our investigative research experiment methodology and set-up are reported, alongside our experimental procedure and results that show our research effort is effective and efficient, and can be used in practice to monitor a target application in real time.