Unicorn: Runtime provenance-based detector for advanced persistent threats

X Han, T Pasquier, A Bates, J Mickens… - arXiv preprint arXiv …, 2020 - arxiv.org
Advanced Persistent Threats (APTs) are difficult to detect due to their "low-and-slow" attack
patterns and frequent use of zero-day exploits. We present UNICORN, an anomaly-based …

A virtual machine introspection based architecture for intrusion detection.

T Garfinkel, M Rosenblum - Ndss, 2003 - academia.edu
Today's architectures for intrusion detection force the IDS designer to make a difficult choice.
If the IDS resides on the host, it has an excellent view of what is happening in that host's …

Mimicry attacks on host-based intrusion detection systems

D Wagner, P Soto - Proceedings of the 9th ACM Conference on …, 2002 - dl.acm.org
We examine several host-based anomaly detection systems and study their security against
evasion attacks. First, we introduce the notion of a mimicry attack, which allows a …

A survey of malware detection techniques

N Idika, AP Mathur - Purdue University, 2007 - profsandhu.com
Malware is a worldwide epidemic. Studies suggest that the impact of malware is getting
worse. Malware detectors are the primary tools in defense against malware. The quality of …

Information-theoretic measures for anomaly detection

W Lee, D Xiang - … 2001 IEEE Symposium on Security and …, 2000 - ieeexplore.ieee.org
Anomaly detection is an essential component of protection mechanisms against novel
attacks. We propose to use several information-theoretic measures, namely, entropy …

Constructing attack scenarios through correlation of intrusion alerts

P Ning, Y Cui, DS Reeves - Proceedings of the 9th ACM Conference on …, 2002 - dl.acm.org
Traditional intrusion detection systems (IDSs) focus on low-level attacks or anomalies, and
raise alerts independently, though there may be logical connections between them. In …

Anomaly detection using call stack information

HH Feng, OM Kolesnikov, P Fogla… - 2003 Symposium on …, 2003 - ieeexplore.ieee.org
The call stack of a program execution can be a very good information source for intrusion
detection. There is no prior work on dynamically extracting information from the call stack …

Behavioural biometrics: a survey and classification

RV Yampolskiy, V Govindaraju - International Journal of …, 2008 - inderscienceonline.com
This study is a survey and classification of the state-of-the-art in behavioural biometrics
which is based on skills, style, preference, knowledge, motor-skills or strategy used by …

User re-authentication via mouse movements

M Pusara, CE Brodley - Proceedings of the 2004 ACM workshop on …, 2004 - dl.acm.org
We present an approach to user re-authentication based on the data collected from the
computer's mouse device. Our underlying hypothesis is that one can successfully model …

Intrusion detection: A survey

A Lazarevic, V Kumar, J Srivastava - Managing cyber threats: Issues …, 2005 - Springer
This chapter provides the overview of the state of the art in intrusion detection research.
Intrusion detection systems are software and/or hardware components that monitor …