• DocumentCode
    845878
  • Title
    Analysis of Computer Intrusions Using Sequences of Function Calls
  • Author
    Peisert, Sean ; Bishop, Matt ; Karin, Sidney ; Marzullo, Keith

  • Author_Institution
    Dept. of Comput. Sci. & Eng., California Univ., San Diego, CA
  • Volume
    4
  • Issue
    2
  • fYear
    2007
  • Firstpage
    137
  • Lastpage
    150
  • Abstract
    This paper demonstrates the value of analyzing sequences of function calls for forensic analysis. Although this approach has been used for intrusion detection (that is, determining that a system has been attacked), its value in isolating the cause and effects of the attack has not previously been shown. We also look for not only the presence of unexpected events but also the absence of expected events. We tested these techniques using reconstructed exploits in su, ssh, and lpr, as well as proof-of-concept code, and, in all cases, were able to detect the anomaly and the nature of the vulnerability.
  • Keywords
    security of data; anomaly detection; computer intrusion detection; forensic analysis; function call sequence; unauthorized access; Computer aided instruction; Computer crime; Computer security; Forensics; Humans; Information security; Intrusion detection; Kernel; Needles; Testing; Security; anomaly detection; auditing; design; forensic analysis; intrusion detection; logging; management; unauthorized access (for example, hacking)
  • fLanguage
    English
  • Journal_Title
    Dependable and Secure Computing, IEEE Transactions on
  • Publisher
    ieee
  • ISSN
    1545-5971
  • Type
    jour

  • DOI
    10.1109/TDSC.2007.1003
  • Filename
    4198178