A Sense of Self for Unix Processes

@inproceedings{Forrest1996ASO,
  title={A Sense of Self for Unix Processes},
  author={Stephanie Forrest and Steven A. Hofmeyr and Anil Somayaji and Thomas A. Longstaff},
  booktitle={IEEE Symposium on Security and Privacy},
  year={1996}
}
A method for anomaly detection is introduced in which ``normal'' is defined by short-range correlations in a process' system calls. Initial experiments suggest that the definition is stable during normal behavior for standard UNIX programs. Further, it is able to detect several common intrusions involving sendmail and lpr. This work is part of a research program aimed at building computer security systems that incorporate the mechanisms and algorithms used by natural immune systems. 
Highly Influential
This paper has highly influenced 123 other papers. REVIEW HIGHLY INFLUENTIAL CITATIONS
Highly Cited
This paper has 2,100 citations. REVIEW CITATIONS
1,192 Citations
3 References
Similar Papers

Citations

Publications citing this paper.
Showing 1-10 of 1,192 extracted citations

2,100 Citations

050100150'96'01'07'13
Citations per Year
Semantic Scholar estimates that this publication has 2,100 citations based on the available data.

See our FAQ for additional information.

References

Publications referenced by this paper.
Showing 1-3 of 3 references

A real-time intrusion detection expert system (IDES) — final technical report

  • T. Lunt, A. Tamaru, +5 authors T. Garvey
  • Computer Science Laboratory, SRI International,
  • 1992
Highly Influential
4 Excerpts

Similar Papers

Loading similar papers…