Sense of self for unix processes

Stephanie Forrest, Steven A. Hofmeyr, Anil Somayaji, Thomas A. Longstaff

Research output: Contribution to journal > Conference article

1187 Scopus citations

Abstract

A method for anomaly detection is introduced in which 'normal' is defined by short-range correlations in a process' system calls. Initial experiments suggest that the definition is stable during normal behavior for standard UNIX programs. Further, it is able to detect several common intrusions involving sendmail and lpr. This work is part of a research program aimed at building computer security systems that incorporate the mechanisms and algorithms used by natural immune systems.

Original language: English (US)
Pages (from-to): 120-128
Number of pages: 9
Journal: Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy
State: Published - Jan 1 1996
Externally published: Yes
Event: Proceedings of the 1996 17th IEEE Symposium on Security and Privacy - Oakland, CA, USA
Duration: May 6 1996 to May 8 1996

ASJC Scopus subject areas

  • Software
