Application intrusion detection using language library calls

Authors: A.K. Jones, Yu Lin

DOI: 10.1109/ACSAC.2001.991561

Abstract: Traditionally, intrusion detection systems detect intrusions at the operating system (OS) level. We explore the possibility of detecting intrusion at the application level by using rich application semantics. We use short sequences of language library calls as signatures. We consider library call signatures to be more application-oriented than system call signatures because they are a direct reflection of application code. Most applications are written in a higher-level language with an associated support library such as C or C++. We hypothesize that library call signatures can be used to detect attacks that cause perturbation in application code. We are hopeful that this technique will be amenable to detecting attacks carried out by internal intruders, who are viewed as legitimate users by an intrusion detection system.

References (5)
R. Heady, G. Luger, A. Maccabe, M. Servilla. The architecture of a network level intrusion detection system. Other Information: PBD: 15 Aug 1990. (1990). DOI: 10.2172/425295
Steven A. Hofmeyr, Stephanie Forrest, Anil Somayaji. Intrusion detection using sequences of system calls. Journal of Computer Security, vol. 6, pp. 151-180 (1998). DOI: 10.3233/JCS-980109
Matthew Stillerman, Carla Marceau, Maureen Stillman. Intrusion detection for distributed applications. Communications of the ACM, vol. 42, pp. 62-69 (1999). DOI: 10.1145/306549.306577
Stephanie Forrest, Steven A. Hofmeyr, Anil Somayaji. Computer immunology. Communications of the ACM, vol. 40, pp. 88-96 (1997). DOI: 10.1145/262793.262811
S. Forrest, S.A. Hofmeyr, A. Somayaji, T.A. Longstaff. A Sense of Self for Unix Processes. Scientific Programming (1996). DOI: 10.1109/SECPRI.1996.502675