This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Analysis of Computer Intrusions Using Sequences of Function Calls
April-June 2007 (vol. 4 no. 2)
pp. 137-150
This paper demonstrates the value of analyzing sequences of function calls for forensic analysis. Although this approach has been used for intrusion detection (that is, determining that a system has been attacked), its value in isolating the cause and effects of the attack has not previously been shown. We also look for not only the presence of unexpected events but also the absence of expected events. We tested these techniques using reconstructed exploits in su, ssh, and lpr, as well as proof-of-concept code, and, in all cases, were able to detect the anomaly and the nature of the vulnerability.
Index Terms:
Security, forensic analysis, logging, auditing, intrusion detection, anomaly detection, management, design, unauthorized access (for example, hacking).
Citation:
Sean Peisert, Matt Bishop, Sidney Karin, Keith Marzullo, "Analysis of Computer Intrusions Using Sequences of Function Calls," IEEE Transactions on Dependable and Secure Computing, vol. 4, no. 2, pp. 137-150, April-June 2007, doi:10.1109/TDSC.2007.1003
Usage of this product signifies your acceptance of the Terms of Use.