• DocumentCode
    3116357
  • Title

    Intrusion detection via static analysis

  • Author

    Wagner, David ; Dean, Drew

  • Author_Institution
    California Univ., Berkeley, CA, USA
  • fYear
    2001
  • fDate
    2001
  • Firstpage
    156
  • Lastpage
    168
  • Abstract
    One of the primary challenges in intrusion detection is modelling typical application behavior so that we can recognize attacks by their atypical effects without raising too many false alarms. We show how static analysis may be used to automatically derive a model of application behavior. The result is a host-based intrusion detection system with three advantages: a high degree of automation, protection against a broad class of attacks based on corrupted code, and the elimination of false alarms. We report on our experience with a prototype implementation of this technique.
  • Keywords
    network operating systems; program diagnostics; security of data; computer security; corrupted code; false alarms; host-based intrusion detection system; intrusion detection; mobile code; programming languages; static analysis; typical application behavior; Arm; Automation; Buffer overflow; Computer security; Information security; Intrusion detection; Java; Logic; Protection; Prototypes
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Security and Privacy, 2001. S&P 2001. Proceedings. 2001 IEEE Symposium on
  • Conference_Location
    Oakland, CA
  • ISSN
    1081-6011
  • Print_ISBN
    0-7695-1046-9
  • Type

    conf

  • DOI
    10.1109/SECPRI.2001.924296
  • Filename
    924296