A method is introduced for detecting intrusions at the level of privileged processes. Evidence
is given that short sequences of system calls executed by running processes are a good …

This paper investigates the use of sequences of system calls for classifying intrusions and
faults induced by privileged processes in Unix. Classification is an essential capability for …

Unusual behavior in computer systems can be detected by monitoring the system calls
being executed by programs. Analysis of the temporal ordering of these calls reveals that …

Intrusion detection systems rely on a wide variety of observable data to distinguish between
legitimate and illegitimate activities. We study one such observable-sequences of system …

A new approach, based on the k-Nearest Neighbor (kNN) classifier, is used to classify
program behavior as normal or intrusive. Program behavior, in turn, is represented by …

Some recent advances in intrusion detection are based on detecting anomalies in program
behavior, as characterized by the sequence of kernel calls the program makes. Specifically …

A new approach, based on the k-Nearest Neighbor (kNN) classifier, is used to classify
program behavior as normal or intrusive. Short sequences of system calls have been used …

The ability to detect intruders in computer systems increases in importance as computers are
increasingly integrated into the systems that we rely on for the correct functioning of society …

We present a host-based intrusion detection system (IDS) for Microsoft Windows. The core of
the system is an algorithm that detects attacks on a host machine by looking for anomalous …

We propose a cost-effective mechanism, to control the invocation of critical, from the security
viewpoint, system calls. The integration into existing UNIX operating systems is carried out …