A Sense of Self for Unix Processes
Author
Stephanie Forrest, Steven A. Hofmeyr, Anil Somayaji, Thomas A. Longstaff
Abstract
A method for anomaly detection is introduced in which normal is defined by short-range correlations in a process's system calls. Initial experiments suggest that the definition is stable during normal behavior for standard UNIX programs. Further, it is able to detect several common intrusions involving sendmail and lpr. This work is part of a research program aimed at building computer security systems that incorporate the mechanisms and algorithms used by natural immune systems.
Publisher
IEEE Computer Society Press
Affiliation
University of New Mexico, CERT Coordination Center (Longstaff)
Publication Date
2001-01-01
Keywords
anomaly detection, artificial immune systems