A sense of self for Unix processes

Bibliographic Details
Main Authors: Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.
Format: Conference Proceeding
Language: English
Description
Summary: A method for anomaly detection is introduced in which "normal" is defined by short-range correlations in a process' system calls. Initial experiments suggest that the definition is stable during normal behaviour for standard UNIX programs. Further, it is able to detect several common intrusions involving sendmail and lpr. This work is part of a research program aimed at building computer security systems that incorporate the mechanisms and algorithms used by natural immune systems.
ISSN: 1081-6011, 2375-1207
DOI: 10.1109/SECPRI.1996.502675