Application Intrusion Detection using Language Library Calls

A
ACSAC
2001
17th Annual Computer Security Applications Conference (ACSAC'01)
Abstract - Application Intrusion Detection using Language Library Calls

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by A. Jones Articles by Y. Lin

17th Annual Computer Security Applications Conference (ACSAC'01)

New Orleans, Lousiana

December 10-December 14

ISBN: 0-7695-1405-7

	ASCII Text	x
	A. Jones, Y. Lin, "Application Intrusion Detection using Language Library Calls," Computer Security Applications Conference, Annual, pp. 0442, 17th Annual Computer Security Applications Conference (ACSAC'01), 2001.

	BibTex	x
	@article{ 10.1109/ACSAC.2001.991561, author = {A. Jones and Y. Lin}, title = {Application Intrusion Detection using Language Library Calls}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2001}, isbn = {0-7695-1405-7}, pages = {0442}, doi = {http://doi.ieeecomputersociety.org/10.1109/ACSAC.2001.991561}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Application Intrusion Detection using Language Library Calls SN - 0-7695-1405-7 SP EP A1 - A. Jones, A1 - Y. Lin, PY - 2001 VL - 0 JA - Computer Security Applications Conference, Annual ER -

A. Jones, University of Virginia

Y. Lin, University of Virginia

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ACSAC.2001.991561

Traditionally, intrusion detection systems detect intrusions at the operating system (OS) level. In this paper we explore the possibility of detecting intrusion at the application level by using rich application semantics. We use short sequences of language library calls as signatures. We consider library call signatures to be more application-oriented than system call signatures because they are a more direct reflection of application code. Most applications are written in a higher-level language with an associated support library, such as C or C++. We hypothesize that library call signatures can be used to detect attacks that cause perturbation in the application code. We are hopeful that this technique will be amenable to detecting attacks that are carried out by internal intruders, who are viewed as legitimate users by an operating system.

Citation:

A. Jones, Y. Lin, "Application Intrusion Detection using Language Library Calls," acsac, pp.0442, 17th Annual Computer Security Applications Conference (ACSAC'01), 2001

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.