Anomaly intrusion detection in dynamic execution environments

Hajime Inoue, Stephanie Forrest

Research output: Contribution to conferencePaper

13 Citations (Scopus)

Abstract

We describe an anomaly intrusion-detection system for platforms that incorporate dynamic compilation and profiling. We call this approach "dynamic sandboxing." By gathering information about applications' behavior usually unavailable to other anomaly intrusion-detection systems, dynamic sandboxing is able to detect anomalies at the application layer. We show our implementation in a Java Virtual Machine is both effective and efficient at stopping a backdoor and a virus, and has a low false positive rate.

Original languageEnglish (US)
Pages52-60
Number of pages9
StatePublished - Dec 1 2002
Externally publishedYes
EventProceedings New Security Paradigms Workshop 2002 - Virginia Beach, VA, United States
Duration: Sep 23 2002Sep 26 2002

Other

OtherProceedings New Security Paradigms Workshop 2002
CountryUnited States
CityVirginia Beach, VA
Period9/23/029/26/02

Fingerprint

Intrusion detection
Viruses
Dynamical systems
Virtual machine

Keywords

  • Anomaly detection
  • Dynamic sandboxing
  • Java

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

Inoue, H., & Forrest, S. (2002). Anomaly intrusion detection in dynamic execution environments. 52-60. Paper presented at Proceedings New Security Paradigms Workshop 2002, Virginia Beach, VA, United States.

Anomaly intrusion detection in dynamic execution environments. / Inoue, Hajime; Forrest, Stephanie.

2002. 52-60 Paper presented at Proceedings New Security Paradigms Workshop 2002, Virginia Beach, VA, United States.

Research output: Contribution to conferencePaper

Inoue, H & Forrest, S 2002, 'Anomaly intrusion detection in dynamic execution environments', Paper presented at Proceedings New Security Paradigms Workshop 2002, Virginia Beach, VA, United States, 9/23/02 - 9/26/02 pp. 52-60.
Inoue H, Forrest S. Anomaly intrusion detection in dynamic execution environments. 2002. Paper presented at Proceedings New Security Paradigms Workshop 2002, Virginia Beach, VA, United States.
Inoue, Hajime ; Forrest, Stephanie. / Anomaly intrusion detection in dynamic execution environments. Paper presented at Proceedings New Security Paradigms Workshop 2002, Virginia Beach, VA, United States.9 p.
@conference{715cb25ea2b745e7a1c8e66f6a257c73,
title = "Anomaly intrusion detection in dynamic execution environments",
abstract = "We describe an anomaly intrusion-detection system for platforms that incorporate dynamic compilation and profiling. We call this approach {"}dynamic sandboxing.{"} By gathering information about applications' behavior usually unavailable to other anomaly intrusion-detection systems, dynamic sandboxing is able to detect anomalies at the application layer. We show our implementation in a Java Virtual Machine is both effective and efficient at stopping a backdoor and a virus, and has a low false positive rate.",
keywords = "Anomaly detection, Dynamic sandboxing, Java",
author = "Hajime Inoue and Stephanie Forrest",
year = "2002",
month = "12",
day = "1",
language = "English (US)",
pages = "52--60",
note = "Proceedings New Security Paradigms Workshop 2002 ; Conference date: 23-09-2002 Through 26-09-2002",

}

TY - CONF

T1 - Anomaly intrusion detection in dynamic execution environments

AU - Inoue, Hajime

AU - Forrest, Stephanie

PY - 2002/12/1

Y1 - 2002/12/1

N2 - We describe an anomaly intrusion-detection system for platforms that incorporate dynamic compilation and profiling. We call this approach "dynamic sandboxing." By gathering information about applications' behavior usually unavailable to other anomaly intrusion-detection systems, dynamic sandboxing is able to detect anomalies at the application layer. We show our implementation in a Java Virtual Machine is both effective and efficient at stopping a backdoor and a virus, and has a low false positive rate.

AB - We describe an anomaly intrusion-detection system for platforms that incorporate dynamic compilation and profiling. We call this approach "dynamic sandboxing." By gathering information about applications' behavior usually unavailable to other anomaly intrusion-detection systems, dynamic sandboxing is able to detect anomalies at the application layer. We show our implementation in a Java Virtual Machine is both effective and efficient at stopping a backdoor and a virus, and has a low false positive rate.

KW - Anomaly detection

KW - Dynamic sandboxing

KW - Java

UR - http://www.scopus.com/inward/record.url?scp=0242443932&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0242443932&partnerID=8YFLogxK

M3 - Paper

AN - SCOPUS:0242443932

SP - 52

EP - 60

ER -