Intrusion detection using sequences of system calls
- 1 July 1998
- journal article
- Published by SAGE Publications in Journal of Computer Security
- Vol. 6 (3) , 151-180
- https://doi.org/10.3233/jcs-980109
Abstract
A method is introduced for detecting intrusions at the level of privileged processes. Evidence is given that short sequences of system calls executed by running processes are a good discriminator between normal and abnormal operating characteristics
This publication has 9 references indexed in Scilit:
- Computer immunology. Communications of the ACM, 1997
- Principles of a computer immune system. Published by Association for Computing Machinery (ACM), 1997
- State transition analysis: a rule-based intrusion detection approach. IEEE Transactions on Software Engineering, 1995
- A Biologically Inspired Immune System for Computers. Published by MIT Press, 1994
- The design and implementation of tripwire. Published by Association for Computing Machinery (ACM), 1994
- NADIR: An automated system for detecting network intrusion and misuse. Computers & Security, 1993
- An Introduction to the Bootstrap. Published by Springer Nature, 1993
- A network security monitor. Published by Office of Scientific and Technical Information (OSTI), 1989
- An Intrusion-Detection Model. IEEE Transactions on Software Engineering, 1987