Intrusion Detection Using Sequences of System Calls

@article{Hofmeyr1998IntrusionDU,
  title={Intrusion Detection Using Sequences of System Calls},
  author={Steven A. Hofmeyr and Stephanie Forrest and Anil Somayaji},
  journal={Journal of Computer Security},
  year={1998},
  volume={6},
  pages={151-180}
}
A method is introduced for detecting intrusions at the level of privileged processes. Evidence is given that short sequences of system calls executed by running processes are a good discriminator between normal and abnormal operating characteristics of several common UNIX programs. Normal behavior is collected in two ways: synthetically, by exercising as many normal modes of usage of a program as possible, and in a live user environment by tracing the actual execution of the program. In the…

Citations

Publications citing this paper.
SHOWING 1-10 OF 901 CITATIONS, ESTIMATED 93% COVERAGE

Total ADS: Automated Software Anomaly Detection System

  • 2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation
  • 2014
CITES BACKGROUND & METHODS
HIGHLY INFLUENCED

Advances in Digital Forensics XIII

  • IFIP Advances in Information and Communication Technology
  • 2017
CITES BACKGROUND
HIGHLY INFLUENCED

Combining heterogeneous anomaly detectors for improved software security

CITES BACKGROUND & METHODS
HIGHLY INFLUENCED

Establishing Findings in Digital Forensic Examinations: A Case Study Method

  • IFIP Int. Conf. Digital Forensics
  • 2017
CITES BACKGROUND
HIGHLY INFLUENCED

Hardware and Software: Verification and Testing

CITES METHODS, BACKGROUND & RESULTS
HIGHLY INFLUENCED

Intrusion detection techniques in cloud environment: A survey

  • J. Network and Computer Applications
  • 2017
CITES METHODS
HIGHLY INFLUENCED

Hardware and Software: Verification and Testing

  • Lecture Notes in Computer Science
  • 2016
CITES METHODS, BACKGROUND & RESULTS
HIGHLY INFLUENCED

Power-Aware Design Techniques of Secure Multimode Embedded Systems

  • ACM Trans. Embedded Comput. Syst.
  • 2016
CITES METHODS
HIGHLY INFLUENCED

Dynamical System Theory for the Detection of Anomalous Behavior in Computer Programs

  • IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews)
  • 2012
CITES BACKGROUND & METHODS
HIGHLY INFLUENCED

Intrusion Detection Models Based on Data Mining

  • Int. J. Comput. Intell. Syst.
  • 2012
CITES BACKGROUND & METHODS
HIGHLY INFLUENCED

CITATION STATISTICS

  • 89 Highly Influenced Citations

  • Averaged 27 Citations per year over the last 3 years

References

Publications referenced by this paper.
SHOWING 1-10 OF 27 REFERENCES