A sense of self for Unix processes

Forrest, Stephanie; Hofmeyr, Steven; Somayaji, Anil; Longstaff, Thomas A.

doi:10.1109/secpri.1996.502675

articleDec 23, 2002Closed access

A sense of self for Unix processes

SFStephanie Forrest SHSteven Hofmeyr ASAnil Somayaji TAThomas A. Longstaff

University of New Mexico · Software Engineering Institute · +1 more institution

Indexed incrossref

Abstract

A method for anomaly detection is introduced in which "normal" is defined by short-range correlations in a process' system calls. Initial experiments suggest that the definition is stable during normal behaviour for standard UNIX programs. Further; it is able to detect several common intrusions involving sendmail and 1pr. This work is part of a research program aimed at building computer security systems that incorporate the mechanisms and algorithms used by natural immune systems.

Citation impact

848

total citations

FWCI: 49.18
Percentile: 100%
References: 11

Citations per year

Authors

4

Topics & keywords

Topics

Keywords

Unix
Computer science
System call
Anomaly detection
Process (computing)
Intrusion detection system
Range (aeronautics)
Operating system

No related works found for this paper.