Title :
Intrusion detection via system call traces
Author :
Kosoresow, Andrew P. ; Hofmeyer, S.A.
Author_Institution :
New Mexico State Univ., NM, USA
Abstract :
Unusual behavior in computer systems can be detected by monitoring the system calls being executed by programs. Analysis of the temporal ordering of these calls reveals that such anomalies are localized within traces and that normal program behavior can be described compactly using deterministic finite automata. This article presents preliminary work in analyzing system call traces, particularly their structure during normal and anomalous behavior.
Keywords :
deterministic automata; finite automata; macros; security of data; system monitoring; deterministic finite automata; intrusion detection; macros; program behavior; system call traces; system monitoring; temporal ordering; unusual system behavior; Automata; Computerized monitoring; Databases; Intrusion detection; Monitoring; Packaging; Postal services;
Journal_Title :
Software, IEEE