DocumentCode
3116357
Title
Intrusion detection via static analysis
Author
Wagner, David ; Dean, Drew
Author_Institution
California Univ., Berkeley, CA, USA
fYear
2001
fDate
2001
Firstpage
156
Lastpage
168
Abstract
One of the primary challenges in intrusion detection is modelling typical application behavior so that we can recognize attacks by their atypical effects without raising too many false alarms. We show how static analysis may be used to automatically derive a model of application behavior. The result is a host-based intrusion detection system with three advantages: a high degree of automation, protection against a broad class of attacks based on corrupted code, and the elimination of false alarms. We report on our experience with a prototype implementation of this technique
Keywords
network operating systems; program diagnostics; security of data; computer security; corrupted code; false alarms; host-based intrusion detection system; intrusion detection; mobile code; programming languages; static analysis; typical application behavior; Arm; Automation; Buffer overflow; Computer security; Information security; Intrusion detection; Java; Logic; Protection; Prototypes;
fLanguage
English
Publisher
ieee
Conference_Titel
Security and Privacy, 2001. S&P 2001. Proceedings. 2001 IEEE Symposium on
Conference_Location
Oakland, CA
ISSN
1081-6011
Print_ISBN
0-7695-1046-9
Type
conf
DOI
10.1109/SECPRI.2001.924296
Filename
924296
Link To Document