Intrusion Detection via Static Analysis (2001) [190 citations — 1 self]
http://www.cs.berkeley.edu/~daw/papers/ids-oakland
http://www.cs.jhu.edu/~fabian/courses/CS600.424/co
http://www.scs.carleton.ca/~soma/id-2007w/readings
Abstract:
One of the primary challenges in intrusion detection is modelling typical application behavior, so that we can recognize attacks by their atypical effects without raising too many false alarms. We show how static analysis may be used to automatically derive a model of application behavior. The result is a host-based intrusion detection system with three advantages: a high degree of automation, protection against a broad class of attacks based on corrupted code, and the elimination of false alarms. We report on our experience with a prototype implementation of this technique.

1. Introduction

Computer security has undergone a major renaissance in the last five years. Beginning with Sun's introduction of the Java language and its support of mobile code in 1995, programming languages have been a major focus of security research. Many papers have been published applying programming language theory to protection problems [25, 24], especially information flow [17]. Security, however, is a ma...

