- Main
Analysis of Computer Intrusions Using Sequences of Function Calls
Published Web Location
http://www.sdsc.edu/~peisert/research/PBKM-IEEETDSC-FunctionCalls.pdfAbstract
This paper demonstrates the value of analyzing sequences of function calls for forensic analysis. Although this approach has been used for intrusion detection (that is, determining that a system has been attacked), its value in isolating the cause and effects of the attack has not previously been shown. We also look for not only the presence of unexpected events but also the absence of expected events. We tested these techniques using reconstructed exploits in su, ssh, and 1pr, as well as proof-of-concept code, and, in all cases, were able to detect the anomaly and the nature of the vulnerability.
Many UC-authored scholarly publications are freely available on this site because of the UC's open access policies. Let us know how this access is important for you.
Main Content
Enter the password to open this PDF file:
-
-
-
-
-
-
-
-
-
-
-
-
-
-