Proceedings ArticleDOI
A Sense of Self for Unix Processes
TL;DR: In this paper, a method for anomaly detection is introduced in which "normal" is defined by short-range correlations in a process' system calls, and the definition is stable during normal behavior for standard UNIX programs.
Abstract: A method for anomaly detection is introduced in which "normal" is defined by short-range correlations in a process' system calls. Initial experiments suggest that the definition is stable during normal behavior for standard UNIX programs. Further, it is able to detect several common intrusions involving sendmail and lpr. This work is part of a research program aimed at building computer security systems that incorporate the mechanisms and algorithms used by natural immune systems.
Citations
Journal ArticleDOI
Basic concepts and taxonomy of dependable and secure computing
TL;DR: The aim is to explicate a set of general concepts of relevance across a wide range of situations and, therefore, to help communication and cooperation among a number of scientific and technical communities, including ones that are concentrating on particular types of system, of system failures, or of causes of system failures.
Proceedings ArticleDOI
Detecting intrusions using system calls: alternative data models
TL;DR: This work compares the ability of different data modeling methods to represent normal behavior accurately and to recognize intrusions and concludes that for this particular problem, weaker methods than HMMs are likely sufficient.
Proceedings ArticleDOI
Adversarial machine learning
TL;DR: In this article, the authors discuss an emerging field of study: adversarial machine learning (AML), the study of effective machine learning techniques against an adversarial opponent, and give a taxonomy for classifying attacks against online machine learning algorithms.
Book ChapterDOI
Anomalous Payload-Based Network Intrusion Detection
Ke Wang, Salvatore J. Stolfo, +1 more
TL;DR: A payload-based anomaly detector, called PAYL, for intrusion detection that demonstrates the surprising effectiveness of the method on the 1999 DARPA IDS dataset and a live dataset the authors collected on the Columbia CS department network.
Journal ArticleDOI
Outlier Detection for Temporal Data: A Survey
TL;DR: A comprehensive and structured overview of a large set of interesting outlier definitions for various forms of temporal data, novel techniques, and application scenarios in which specific definitions and techniques have been widely used is provided.
References
Proceedings ArticleDOI
Self-nonself discrimination in a computer
TL;DR: A method for change detection based on the generation of T cells in the immune system is described; an analysis reveals the computational costs of the system, and preliminary experiments illustrate how the method might be applied to the problem of computer viruses.
Journal ArticleDOI
Using genetic algorithms to explore pattern recognition in the immune system
TL;DR: The paper reports simulation experiments on two pattern-recognition problems that are relevant to natural immune systems and reviews the relation between the model and explicit fitness-sharing techniques for genetic algorithms, showing that the immune system model implements a form of implicit fitness sharing.
Proceedings ArticleDOI
Automated detection of vulnerabilities in privileged programs by execution monitoring
Calvin Ko, G. Fink, Karl Levitt, +2 more
TL;DR: By tightly restricting the behavior of all privileged programs, exploitations of unknown vulnerabilities can be detected by monitoring their execution using audit trails, and a program policy specification language is described, which is based on simple predicate logic and regular expressions.
Proceedings ArticleDOI
Security audit trail analysis using inductively generated predictive rules
H.S. Teng, K. Chen, S.C. Lu, +2 more
TL;DR: It is shown that the use of rule-based sequential patterns allows a security auditing system to capture characteristics of user behavior that may be otherwise intractable using traditional statistical approaches.
Proceedings ArticleDOI
Property-based testing of privileged programs
G. Fink, Karl Levitt, +1 more
TL;DR: The Tester's Assistant is introduced, a collection of tools to mechanize the process of testing security-related C programs, and it is shown that a slice of a privileged program (rdist) with respect to its security specifications is quite small.