research-article

Intrusion Detection via System Call Traces

Authors:

Andrew P. Kosoresow,

Steven A. HofmeyrAuthors Info & Claims

IEEE Software, Volume 14, Issue 5

Pages 35 - 42

https://doi.org/10.1109/52.605929

Published: 01 September 1997 Publication History

Publisher Site

Abstract

Computer use leaves trails of activity that can reveal signatures of misuse as well as of legitimate activity. Depending on the audit method used, one can record a user's keystrokes, the system resources used, or the system calls made by some collection of processes. The authors have done preliminary work on the analysis of system call traces, particularly their structure during normal and anomalous behavior, and have found the anomalies to be temporally localized. These techniques could eventually lead to an effective, automatic analysis and monitoring system, and might even be extensible to handle other kinds of anomalous behavior.

References

[1]

S. Forrest, et al., "A Sense of Self for Unix Processes," Proc. 1996 IEEE Symp. Security and Privacy, IEEE Computer Soc. Press, Los Alamitos, Calif., 1996, pp. 120-128.

Digital Library

Google Scholar

[2]

I. Goldberg, et al., "A Secure Environment for Untrusted Helper Applications: Confining the Wily Hacker," 6th Usenix Security Symp., Usenix Assoc., Berkeley, Calif., 1996, pp. 1-13.

Digital Library

Google Scholar

[3]

8LGM, {8lgm}-Advisory-22.UNIX.syslog.-Aug-1995, http://www.8lgm.org/advisories.html.

Google Scholar

[4]

CERT, Syslog Vulnerability-A Workaround for Sendmail, ftp://info.cert.org/pub/cert_advisories/CA-95:13.syslog.vul, Oct. 19 1995.

Google Scholar

[5]

D.E. Denning, Cryptography and Data Security, Addison Wesley Longman, Reading, Mass., 1992.

Digital Library

Google Scholar

[6]

H.S. Teng K. Chen and S.C. Lu, "Security Audit Trail Analysis Using Inductively Generated Predictive Rules," Proc. Sixth Conf. Artificial Intelligence Applications, IEEE, Piscataway, N.J., March 1990, pp. 24-29.

Digital Library

Google Scholar

[7]

G. Liepens and H. Vaccaro, "Intrusion Detection: Its Role and Validation," Computers and Security, Vol. 11, 1992, pp. 347-355.

Digital Library

Google Scholar

[8]

K.L. Fox, et al., "A Neural Network Approach Towards Intrusion Detection," Proc. 13th Nat'l Computer Security Conf., Nat'l Inst. Standards and Technology, Washington, D.C., 1990, pp. 125-134.

Google Scholar

[9]

C. Ko G. Fink and K. Levitt, "Automated Detection of Vulnerabilities in Privileged Programs by Execution Monitoring," Proc. 10th Annual Computer Security Applications Conf., IEEE Computer Soc. Press, Los Alamitos, Calif., 1994, pp. 134-144.

Google Scholar

[10]

B. Mukherjee L.T. Heberlein and K. N. Levitt, "Network Intrusion Detection," IEEE Network, May-June 1994, pp. 26-41.

Google Scholar

[11]

T.F. Lunt, et al., A Real-Time Intrusion Detection Expert System (IDES), tech. report, Computer Science Laboratory, SRI Int'l, Menlo Park, Calif., Feb. 1992.

Google Scholar

[12]

S. Kumar and E.H. Spafford, A Software Architecture to Support Misuse Intrusion Detection, Tech. Report CSD-TR-95-009, Dept. of Computer Sciences, Purdue Univ., W. Lafayette, Ind., Mar. 1995.

Google Scholar

[13]

I. Goldberg, et al., "A Secure Environment for Untrusted Helper Applications: Confining the Wily Hacker," 6th Usenix Security Symp., Usenix Assoc., Berkeley, Calif., 1996, pp. 1-13.

Digital Library

Google Scholar

Cited By

View all

Ezeme OMahmoud QAzim A(2022)A Framework for Anomaly Detection in Time-Driven and Event-Driven Processes Using Kernel TracesIEEE Transactions on Knowledge and Data Engineering10.1109/TKDE.2020.297846934:1(1-14)Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1109/TKDE.2020.2978469
Ring JVan Oort CDurst SWhite VNear JSkalka C(2021)Methods for Host-based Intrusion Detection with Deep LearningDigital Threats: Research and Practice10.1145/34614622:4(1-29)Online publication date: 15-Oct-2021
https://dl.acm.org/doi/10.1145/3461462
Aldini ALa Marra AMartinelli FSaracino A(2021)Ask a(n)droid to tell you the odds: probabilistic security-by-contract for mobile devicesSoft Computing - A Fusion of Foundations, Methodologies and Applications10.1007/s00500-020-05299-425:3(2295-2314)Online publication date: 1-Feb-2021
https://dl.acm.org/doi/10.1007/s00500-020-05299-4
Show More Cited By

Recommendations

A hybrid intrusion detection system
Divided two-part adaptive intrusion detection system

The main objective of this paper is to design a more complete intrusion detection system solution. The paper presents an efficient approach for reducing the rate of alerts using divided two-part adaptive intrusion detection system (DTPAIDS). The ...
Intrusion Detection System: A Comparative Study of Machine Learning-Based IDS

The use of encrypted data, the diversity of new protocols, and the surge in the number of malicious activities worldwide have posed new challenges for intrusion detection systems (IDS). In this scenario, existing signature-based IDS are not performing ...

Comments

Information & Contributors

Information

Published In

IEEE Software Volume 14, Issue 5

September 1997

104 pages

ISSN:0740-7459

Issue’s Table of Contents

Publisher

IEEE Computer Society Press

Washington, DC, United States

Publication History

Published: 01 September 1997

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

36
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 04 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Ezeme OMahmoud QAzim A(2022)A Framework for Anomaly Detection in Time-Driven and Event-Driven Processes Using Kernel TracesIEEE Transactions on Knowledge and Data Engineering10.1109/TKDE.2020.297846934:1(1-14)Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1109/TKDE.2020.2978469
Ring JVan Oort CDurst SWhite VNear JSkalka C(2021)Methods for Host-based Intrusion Detection with Deep LearningDigital Threats: Research and Practice10.1145/34614622:4(1-29)Online publication date: 15-Oct-2021
https://dl.acm.org/doi/10.1145/3461462
Aldini ALa Marra AMartinelli FSaracino A(2021)Ask a(n)droid to tell you the odds: probabilistic security-by-contract for mobile devicesSoft Computing - A Fusion of Foundations, Methodologies and Applications10.1007/s00500-020-05299-425:3(2295-2314)Online publication date: 1-Feb-2021
https://dl.acm.org/doi/10.1007/s00500-020-05299-4
Bridges RGlass-Vanderlan TIannacone MVincent MChen Q(2019)A Survey of Intrusion Detection Systems Leveraging Host DataACM Computing Surveys10.1145/334438252:6(1-35)Online publication date: 14-Nov-2019
https://dl.acm.org/doi/10.1145/3344382
Shu XYao DRamakrishnan NJaeger T(2017)Long-Span Program Behavior Modeling and Attack DetectionACM Transactions on Privacy and Security10.1145/310576120:4(1-28)Online publication date: 20-Sep-2017
https://dl.acm.org/doi/10.1145/3105761
Sentanoe STaubmann BReiser H(2017)Virtual Machine Introspection Based SSH HoneypotProceedings of the 4th Workshop on Security in Highly Connected IT Systems10.1145/3099012.3099016(13-18)Online publication date: 19-Jun-2017
https://dl.acm.org/doi/10.1145/3099012.3099016
Chen YKhandaker MWang ZKarri RSinanoglu OSadeghi AYi X(2017)Pinpointing VulnerabilitiesProceedings of the 2017 ACM on Asia Conference on Computer and Communications Security10.1145/3052973.3053033(334-345)Online publication date: 2-Apr-2017
https://dl.acm.org/doi/10.1145/3052973.3053033
Shu XYao DWeippl EKatzenbeisser SKruegel CMyers AHalevi S(2016)Program Anomaly DetectionProceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security10.1145/2976749.2976750(1853-1854)Online publication date: 24-Oct-2016
https://dl.acm.org/doi/10.1145/2976749.2976750
Shu XYao DRamakrishnan NRay ILi NKruegel C(2015)Unearthing Stealthy Program Attacks Buried in Extremely Long Execution PathsProceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security10.1145/2810103.2813654(401-413)Online publication date: 12-Oct-2015
https://dl.acm.org/doi/10.1145/2810103.2813654
Xue YWang JLiu YXiao HSun JChandramohan MYoung MXie T(2015)Detection and classification of malicious JavaScript via attack behavior modellingProceedings of the 2015 International Symposium on Software Testing and Analysis10.1145/2771783.2771814(48-59)Online publication date: 13-Jul-2015
https://dl.acm.org/doi/10.1145/2771783.2771814
Show More Cited By

Abstract

References

Cited By

Recommendations

A hybrid intrusion detection system

Divided two-part adaptive intrusion detection system

Intrusion Detection System: A Comparative Study of Machine Learning-Based IDS

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations