Title :
Application intrusion detection using language library calls
Author :
Jones, Anita K. ; Lin, Yu
Author_Institution :
Virginia Univ., Charlottesville, VA, USA
Abstract :
Traditionally, intrusion detection systems detect intrusions at the operating system (OS) level. We explore the possibility of detecting intrusion at the application level by using rich application semantics. We use short sequences of language library calls as signatures. We consider library call signatures to be more application-oriented than system call signatures because they are a more direct reflection of application code. Most applications are written in a higher-level language with an associated support library such as C or C++. We hypothesize that library call signatures can be used to detect attacks that cause perturbation in the application code. We are hopeful that this technique will be amenable to detecting attacks that are carried out by internal intruders, who are viewed as legitimate users by an operating system.
Keywords :
authorisation; message authentication; software libraries; application intrusion detection; code perturbation; internal intruders; language library calls; library call signatures; rich application semantics; Authorization; Availability; Databases; Intrusion detection; Libraries; Monitoring; Object detection; Operating systems; Reflection; Security;
Conference_Titel :
Computer Security Applications Conference, 2001. ACSAC 2001. Proceedings 17th Annual
Print_ISBN :
0-7695-1405-7
DOI :
10.1109/ACSAC.2001.991561
