Application Intrusion Detection using Language Library Calls
Authors
Abstract
Traditionally, intrusion detection systems detect intrusions at the operating system (OS) level. In this paper we explore the possibility of detecting intrusion at the application level by using rich application semantics. We use short sequences of language library calls as signatures. We consider library call signatures to be more application-oriented than system call signatures because they are a more direct reflection of application code. Most applications are written in a higher-level language with an associated support library, such as C or C++. We hypothesize that library call signatures can be used to detect attacks that cause perturbation in the application code. We are hopeful that this technique will be amenable to detecting attacks that are carried out by internal intruders, who are viewed as legitimate users by an operating system.
Similar resources
Intrusion Detection A Text Mining Based Approach
Intrusion Detection is one of the major threats for organizations. The approach of intrusion detection using text processing has been one of the research interests which is gaining significant importance from researchers. In the text mining based approach for intrusion detection, system calls serve as the source for mining and predicting the possibility of intrusion or attack. When an application runs, there might ...
NetHost-sensor: Monitoring a target host's application via system calls
Intrusion detection has emerged as an important approach to network, host and application security. Network security includes analysing network packet payload and other inert network packet profiles for intrusive trends; whereas, host security may employ system logs for intrusion detection. In this paper, we contribute to the research community by tackling application security and attempt to de...
Automated Incremental Design of Flexible Intrusion Detection Systems on FPGAs
Intrusion detection for network security is a compute-intensive application demanding high system performance. This paper presents a variety of strategies we have developed for the automatic synthesis of highly efficient intrusion detection systems. We create FPGA architectures using a high-level, graph-based partitioning methodology. We provide a library of performance-customized architectures, ...
Detecting malicious JavaScript
The increased use of the World Wide Web and JavaScript as a scripting language for Web pages has made JavaScript a popular attack vector for infecting users' machines with malware. Additionally, attackers often obfuscate their code to avoid detection, which heightens the challenge and complexity of automated defense systems. We present two analyses of malicious scripts and suggest how they cou...
A Logical Framework for Plan Recognition for Intrusion Detection
This document describes the results of our work during the first two years of our PhD. studies. The aim of our PhD. thesis is the development of a methodology for automated intrusion detection based on attack plan recognition, and therefore, the design of a general framework for the characterization and theoretical investigation of the plan recognition problem in adversarial scenarios. In the A...
Journal title:
Volume, issue
Pages -
Publication date: 2001