Analysis of Computer Intrusions Using Sequences of Function Calls
April-June 2007 (vol. 4 no. 2)
pp. 137-150
Abstract:
This paper demonstrates the value of analyzing sequences of function calls for forensic analysis. Although this approach has been used for intrusion detection (that is, determining that a system has been attacked), its value in isolating the cause and effects of an attack has not previously been shown. We look not only for the presence of unexpected events but also for the absence of expected events. We tested these techniques using reconstructed exploits in su, ssh, and lpr, as well as proof-of-concept code, and in all cases were able to detect the anomaly and identify the nature of the vulnerability.
Index Terms:
Security, forensic analysis, logging, auditing, intrusion detection, anomaly detection, management, design, unauthorized access (for example, hacking).
Citation:
Sean Peisert, Matt Bishop, Sidney Karin, Keith Marzullo, "Analysis of Computer Intrusions Using Sequences of Function Calls," IEEE Transactions on Dependable and Secure Computing, vol. 4, no. 2, pp. 137-150, April-June 2007, doi:10.1109/TDSC.2007.1003