Methods, media, and systems for detecting an anomalous sequence of function calls
作者: Angelos D. Keromytis , Salvatore J. Stolfo
DOI:
关键词:
摘要: Methods, media, and systems for detecting an anomalous sequence of function calls are provided. The methods can include compressing a made by the execution program using compression model; determining presence in based on extent to which is compressed. further executing at least one known program; observing assigning each type call unique identifier; creating part model recording identifiers.
google.co.uk参考文章(319)
Christoph Cornelius Michael, System and method for mining execution traces with finite automata ,(2001)
Peter Honeyman, Niels Provos, Markus Friedl, Preventing privilege escalation usenix security symposium. pp. 16- 16 ,(2003)
David M. Chess, John F. Morar, William C. Arnold, Steve R. White, Morton Swimmer, Edward J. Pring, Anatomy of a Commercial-Grade Immune System ,(1999)
Nong Ye, A Markov Chain Model of Temporal Behavior for Anomaly Detection information assurance and security. ,(2000)
Aaron Schwartzbard, Anup K. Ghosh, A Study in the Feasibility of Performing Host-Based Anomaly Detection on Windows NT. recent advances in intrusion detection. ,(1999)
Robert Stone, Dug Song, Rob Malan, A Snapshot of Global Internet Worm Activity ,(2001)
Eric A. Brewer, David Wagner, Ian Goldberg, Randi Thomas, A secure environment for untrusted helper applications confining the Wily Hacker usenix security symposium. pp. 1- 1 ,(1996)
Daniel Barbará, Julia Couto, Sushil Jajodia, Ningning Wu, An Architecture for Anomaly Detection Applications of Data Mining in Computer Security. pp. 63- 76 ,(2002) , 10.1007/978-1-4615-0953-0_3
Debra Anderson, Thane Frivold, Alfonso Valdes, Next-generation Intrusion Detection Expert System (NIDES)A Summary ,(1997)