Anomaly intrusion detection in dynamic execution environments

Hajime Inoue; Stephanie Forrest

doi:10.1145/844102.844112

Anomaly intrusion detection in dynamic execution environments

Hajime Inoue, Stephanie Forrest

Research output: Contribution to conference › Paper › peer-review

14 Scopus citations

Abstract

We describe an anomaly intrusion-detection system for platforms that incorporate dynamic compilation and profiling. We call this approach "dynamic sandboxing." By gathering information about applications' behavior usually unavailable to other anomaly intrusion-detection systems, dynamic sandboxing is able to detect anomalies at the application layer. We show our implementation in a Java Virtual Machine is both effective and efficient at stopping a backdoor and a virus, and has a low false positive rate.

Original language	English (US)
Pages	52-60
Number of pages	9
DOIs	https://doi.org/10.1145/844102.844112
State	Published - 2002
Externally published	Yes
Event	Proceedings New Security Paradigms Workshop 2002 - Virginia Beach, VA, United States Duration: Sep 23 2002 → Sep 26 2002

Other

Other	Proceedings New Security Paradigms Workshop 2002
Country/Territory	United States
City	Virginia Beach, VA
Period	9/23/02 → 9/26/02

Keywords

Anomaly detection
Dynamic sandboxing
Java

ASJC Scopus subject areas

Computer Networks and Communications

Access to Document

10.1145/844102.844112

Cite this

@conference{715cb25ea2b745e7a1c8e66f6a257c73,

title = "Anomaly intrusion detection in dynamic execution environments",

abstract = "We describe an anomaly intrusion-detection system for platforms that incorporate dynamic compilation and profiling. We call this approach {"}dynamic sandboxing.{"} By gathering information about applications' behavior usually unavailable to other anomaly intrusion-detection systems, dynamic sandboxing is able to detect anomalies at the application layer. We show our implementation in a Java Virtual Machine is both effective and efficient at stopping a backdoor and a virus, and has a low false positive rate.",

keywords = "Anomaly detection, Dynamic sandboxing, Java",

author = "Hajime Inoue and Stephanie Forrest",

year = "2002",

doi = "10.1145/844102.844112",

language = "English (US)",

pages = "52--60",

}

TY - CONF

T1 - Anomaly intrusion detection in dynamic execution environments

AU - Inoue, Hajime

AU - Forrest, Stephanie

PY - 2002

Y1 - 2002

N2 - We describe an anomaly intrusion-detection system for platforms that incorporate dynamic compilation and profiling. We call this approach "dynamic sandboxing." By gathering information about applications' behavior usually unavailable to other anomaly intrusion-detection systems, dynamic sandboxing is able to detect anomalies at the application layer. We show our implementation in a Java Virtual Machine is both effective and efficient at stopping a backdoor and a virus, and has a low false positive rate.

AB - We describe an anomaly intrusion-detection system for platforms that incorporate dynamic compilation and profiling. We call this approach "dynamic sandboxing." By gathering information about applications' behavior usually unavailable to other anomaly intrusion-detection systems, dynamic sandboxing is able to detect anomalies at the application layer. We show our implementation in a Java Virtual Machine is both effective and efficient at stopping a backdoor and a virus, and has a low false positive rate.

KW - Anomaly detection

KW - Dynamic sandboxing

KW - Java

UR - http://www.scopus.com/inward/record.url?scp=0242443932&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0242443932&partnerID=8YFLogxK

U2 - 10.1145/844102.844112

DO - 10.1145/844102.844112

M3 - Paper

AN - SCOPUS:0242443932

SP - 52

EP - 60

T2 - Proceedings New Security Paradigms Workshop 2002

Y2 - 23 September 2002 through 26 September 2002

ER -

Anomaly intrusion detection in dynamic execution environments

Abstract

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this