A sense of self for unix processes
| Author(s) : | Anil Somayaji, Steven A. Hofmeyr, Stephanie Forrest |
| Publisher : | N/A |
| Publication Date : | 1996 |
| ISSN : | N/A |
| Abstract : | A method for anomaly detection is introduced in which "normal" is defined by short-range correlations in a process' system calls. Initial experiments suggest that the definition is stable during normal behavior for standard UNIX programs. Further, it is able to detect several common intrusions involving sendmail and lpr. This work is part of a research program aimed at building computer security systems that incorporate the mechanisms and algorithms used by natural immune systems. |
