• DocumentCode
    2360174
  • Title

    Application intrusion detection using language library calls

  • Author

    Jones, Anita K. ; Lin, Yu

  • Author_Institution
    Virginia Univ., Charlottesville, VA, USA
  • fYear
    2001
  • fDate
    10-14 Dec. 2001
  • Firstpage
    442
  • Lastpage
    449
  • Abstract
    Traditionally, intrusion detection systems detect intrusions at the operating system (OS) level. We explore the possibility of detecting intrusion at the application level by using rich application semantics. We use short sequences of language library calls as signatures. We consider library call signatures to be more application-oriented than system call signatures because they are a more direct reflection of application code. Most applications are written in a higher-level language with an associated support library such as C or C++. We hypothesize that library call signatures can be used to detect attacks that cause perturbation in the application code. We are hopeful that this technique will be amenable to detecting attacks that are carried out by internal intruders, who are viewed as legitimate users by an operating system.
  • Keywords
    authorisation; message authentication; software libraries; application intrusion detection; code perturbation; internal intruders; language library calls; library call signatures; rich application semantics; Authorization; Availability; Databases; Intrusion detection; Libraries; Monitoring; Object detection; Operating systems; Reflection; Security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Applications Conference, 2001. ACSAC 2001. Proceedings 17th Annual
  • Print_ISBN
    0-7695-1405-7
  • Type

    conf

  • DOI
    10.1109/ACSAC.2001.991561
  • Filename
    991561
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2360174