Lightweight intrusion detection for networked operating systems

Lightweight intrusion detection for networked operating systems

Cached

Download Links

by Steven A. Hofmeyr , Stephanie Forrest , Anil Somayaji

Citations:

BibTeX

@MISC{Hofmeyr_lightweightintrusion,
    author = {Steven A. Hofmeyr and Stephanie Forrest and Anil Somayaji},
    title = {Lightweight intrusion detection for networked operating systems},
    year = {}
}

Bookmark

OpenURL

Abstract

We describe a method for intrusion detection at the level of privileged processes. We present evidence that short sequences of system calls executed by running processes are a good discriminator between normal and abnormal operating characteristics of several common UNIX programs. Normal behavior is collected in two ways: Synthetically, by exercising as many normal modes of usage of a program as possible, and in a live user environment by tracing the actual execution of the program. In the former case we study several types of intrusive behavior; in the latter case, we analyze our results for false positives. 1.

Citations

1783	An Introduction to the Bootstrap - Tibshirani, R - 1993
462	Cryptographyand Data Security - Denning - 1982
457	A sense of self for unix processes - Forrest, Hofmeyr, et al. - 1996
221	An Intrusion Detection Model - Denning - 1987
185	The Design and Implementation of Tripwire: A File System Integrity Checker - Kim, Spafford - 1994
140	Building diverse computer systems - Forrest, Somayaji, et al. - 1997
123	A network security monitor - HEBERLEIN, DIAS, et al. - 1990
123	Classification and detection of computer intrusions - Kumar - 1995
104	Automated detection of vulnerabilities in privileged programs by execution monitoring - KO, FINK, et al. - 1994
96	An Immunological Approach to Change Detection: Algorithm, Analysis and Implication - D’haeseleer - 1996
90	Next generation intrusion detection expert system (NIDES): User manual for security officer user interface (SOUI)," technical report - Anderson - 1993
90	A Biologically Inspired Immune System for Computers - Kephart - 1994
86	The COPS security checker system - Farmer, Spafford - 1990
67	Adaptive real-time anomaly detection using inductively generated sequential patterns - Teng, Chen, et al.
62	The architecture of a network level intrusion detection system.Technical report - Heady, Luger, et al. - 1990
61	Defending a computer system using autonomous agents - Crosbie, Spafford - 1995
59	Artificial intelligence and intrusion detection: Current and future directions - Frank - 1994
59	NADIR “An automated system for detection network intrusion and misuse” , Cpmputers and Security - Jackson, Stallings, et al.
58	An Application of Pattern Matching in Intrusion Detection - KUMAR, SPAFFORD - 1994
49	Detecting Intruders in Computer Systems - LUNT - 1993
44	A neural network approach towards intrusion detection - Fox, Henning, et al. - 1990
11	Misuse detection tools - Smaha, Winslow - 1994
10	Improving the security of your site by breaking into it - Farmer, Venema - 1993
9	A Real-Time Intrusion Detection Expert - Lunt, Tamura, et al. - 1992
5	Countering abuse of name-based authentication - Schuba, Spafford - 1994
4	Internet Security Monitor: An Intrusion Detection System for Large Scale Networks - Heberlein, Mukherjee, et al. - 1992
3	Syslog vulnerability - a workaround for sendmail. Ftp://info.cert.org/pub/ cert_advisories/ CA-95:13.syslog.vul - CERT - 1995
3	Intrusion Detection: Its Role and Validation - Liepens, Vaccaro - 1992
3	Hofmeyr S A, Forrest S. Principles of a computer immune system - Somayaji - 1997
2	Hofmeyr S A, Somajayi A. Computer Immunology - Forrest - 1997
2	Perelson A S, Allen L, Cherukuri R. Self-Nonself discrimination in a Computer - Forrest - 1994
2	R A, Porras Ph A. State Transition Analysis: A Rule-Based Intrusion Detection Approach - Kemmerer - 1995