This paper investigates the use of sequences of system calls for classifying intrusions and faults induced by privileged processes in Unix. Classification is an essential capability for …
AP Kosoresow, SA Hofmeyer - IEEE software, 1997 - ieeexplore.ieee.org
Unusual behavior in computer systems can be detected by monitoring the system calls being executed by programs. Analysis of the temporal ordering of these calls reveals that …
C Warrender, S Forrest… - Proceedings of the 1999 …, 1999 - ieeexplore.ieee.org
Intrusion detection systems rely on a wide variety of observable data to distinguish between legitimate and illegitimate activities. We study one such observable-sequences of system …
A new approach, based on the k-Nearest Neighbor (kNN) classifier, is used to classify program behavior as normal or intrusive. Program behavior, in turn, is represented by …
C Marceau - Proceedings of the 2000 workshop on New security …, 2001 - dl.acm.org
Some recent advances in intrusion detection are based on detecting anomalies in program behavior, as characterized by the sequence of kernel calls the program makes. Specifically …
A new approach, based on the k-Nearest Neighbor (kNN) classifier, is used to classify program behavior as normal or intrusive. Short sequences of system calls have been used …
The ability to detect intruders in computer systems increases in importance as computers are increasingly integrated into the systems that we rely on for the correct functioning of society …
F Apap, A Honig, S Hershkop, E Eskin… - Recent Advances in …, 2002 - Springer
We present a host-based intrusion detection system (IDS) for Microsoft Windows. The core of the system is an algorithm that detects attacks on a host machine by looking for anomalous …
M Bernaschi, E Gabrielli, LV Mancini - … of the 7th ACM conference on …, 2000 - dl.acm.org
We propose a cost-effective mechanism, to control the invocation of critical, from the security viewpoint, system calls. The integration into existing UNIX operating systems is carried out …