Title
Exploiting execution context for the detection of anomalous system calls
Abstract
Attacks against privileged applications can be detected by analyzing the stream of system calls issued during process execution. In the last few years, several approaches have been proposed to detect anomalous system calls. These approaches are mostly based on modeling acceptable system call sequences. Unfortunately, the techniques proposed so far are either vulnerable to certain evasion attacks or are too expensive to be practical. This paper presents a novel approach to the analysis of system calls that uses a composition of dynamic analysis and learning techniques to characterize anomalous system call invocations in terms of both the invocation context and the parameters passed to the system calls. Our technique provides a more precise detection model with respect to solutions proposed previously, and, in addition, it is able to detect data modification attacks, which cannot be detected using only system call sequence analysis.
Year: 2007
DOI: 10.1007/978-3-540-74320-0_1
Venue: RAID
Keywords: acceptable system call sequence, novel approach, anomalous system call invocation, system call sequence analysis, certain evasion attack, dynamic analysis, system call, invocation context, data modification attack, anomalous system call, exploiting execution context, intrusion detection system, intrusion detection
Field: Computer security, Computer science, Real-time computing, Anomaly-based intrusion detection system, System call, Intrusion detection system
DocType: Conference
Volume: 4637
ISSN: 0302-9743
ISBN: 3-540-74319-7
Citations: 30
PageRank: 0.83
References: 22
Authors
4
Name
Order
Citations
PageRank
Darren Mutz153333.58
William Robertson21762123.11
Giovanni Vigna37121507.72
Richard Kemmerer444925.88