A sense of self for Unix processes
- 23 December 2002
- proceedings article
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
A method for anomaly detection is introduced in which "normal" is defined by short-range correlations in a process' system calls. Initial experiments suggest that the definition is stable during normal behavior for standard UNIX programs. Further, it is able to detect several common intrusions involving sendmail and lpr. This work is part of a research program aimed at building computer security systems that incorporate the mechanisms and algorithms used by natural immune systems.