Automatically Adapting a Trained Anomaly Detector to Software Patches

In order to detect a compromise of a running process based on it deviating from its program’s normal system-call behavior, an anomaly detector must first be trained with traces of system calls made by the program when provided clean inputs. When a patch for the monitored program is released, however...

Full description

Saved in:
Bibliographic Details
Main Authors: LI, Peng, GAO, Debin, Reiter, Michael K.
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2009
Subjects:
Online Access:https://ink.library.smu.edu.sg/sis_research/475
http://dx.doi.org/10.1007/978-3-642-04342-0_8
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English