Intrusion detection via system call traces

AP Kosoresow, SA Hofmeyer - IEEE software, 1997 - ieeexplore.ieee.org
Unusual behavior in computer systems can be detected by monitoring the system calls
being executed by programs. Analysis of the temporal ordering of these calls reveals that
such anomalies are localized within traces and that normal program behavior can be
described compactly using deterministic finite automata. This article presents preliminary
work in analyzing system call traces, particularly their structure during normal and
anomalous behavior.