Gray-Box Anomaly Detection using System Call Monitoring

@inproceedings{Gao2007GrayBoxAD,
  title={Gray-Box Anomaly Detection using System Call Monitoring},
  author={Debin Gao},
  year={2007}
}
Many host-based anomaly detection systems monitor a process by observing the system calls it makes, and comparing these calls to a model of normal behavior for the program that the process is executing. In this thesis we explore two novel approaches for constructing the normal behavior model for anomaly detection. We introduce execution graph, which is the first model that both requires no static analysis of the program source or binary, and conforms to the control flow graph of the program… CONTINUE READING