Application intrusion detection using language library calls

Application intrusion detection using language library calls

Traditionally, intrusion detection systems detect intrusions at the operating system (OS) level. We explore the possibility of detecting intrusion at the application level by using rich application semantics. We use short sequences of language library calls as signatures. We consider library call si...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Jones, A.K., Yu Lin
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Authorization
Availability
Intrusion detection
Libraries
Monitoring
Object detection
Operating systems
Reflection
Security
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Traditionally, intrusion detection systems detect intrusions at the operating system (OS) level. We explore the possibility of detecting intrusion at the application level by using rich application semantics. We use short sequences of language library calls as signatures. We consider library call signatures to be more application-oriented than system call signatures because they are a more direct reflection of application code. Most applications are written in a higher-level language with an associated support library such as C or C++. We hypothesize that library call signatures can be used to detect attacks that cause perturbation in the application code. We are hopeful that this technique will be amenable to detecting attacks that are carried out by internal intruders, who are viewed as legitimate users by an operating system.
DOI:10.1109/ACSAC.2001.991561