Gray-Box Extraction of Execution Graphs for Anomaly Detection

Gray-Box Extraction of Execution Graphs for Anomaly Detection

Many host-based anomaly detection systems monitor a process by observing the system calls it makes, and comparing these calls to a model of behavior for the program that the process should be executing. In this paper we introduce a new model of system call behavior, called an execution graph. The ex...

Full description

Saved in:

Bibliographic Details
Main Authors:	GAO, Debin, Reiter, Michael K., SONG, Dawn
Format:	text
Language:	English
Published:	Institutional Knowledge at Singapore Management University 2004
Subjects:	Information Security
Online Access:	https://ink.library.smu.edu.sg/sis_research/1242 http://dx.doi.org/10.1145/1030083.1030126
Tags:	Add Tag No Tags, Be the first to tag this record!
Institution:	Singapore Management University
Language:	English

Similar Items

On Gray-Box Program Tracking for Anomaly Detection
by: GAO, Debin, et al.
Published: (2004)

Towards Ground Truthing Observations in Gray-Box Anomaly Detection
by: MING, Jiang, et al.
Published: (2011)

Behavioral Distance for Intrusion Detection
by: GAO, Debin, et al.
Published: (2005)

Automatically Adapting a Trained Anomaly Detector to Software Patches
by: LI, Peng, et al.
Published: (2009)

Binhunt: Automatically Finding Semantic Differences in Binary Programs
by: GAO, Debin, et al.
Published: (2008)

Beyond output voting: Detecting compromised replicas using HMM-based behavioral distance
by: GAO, Debin, et al.
Published: (2009)

Behavioral Distance Measurement using Hidden Markov Models
by: GAO, Debin, et al.
Published: (2006)

Mitigating Access-Driven Timing Channels in Clouds using StopWatch
by: LI, Peng, et al.
Published: (2013)

On-demand time blurring to support side-channel defense
by: LIU, Weijie, et al.
Published: (2017)

Anomaly Based Webphishing Page Detection
by: PAN, Y., et al.
Published: (2006)

Enhancing Profiles for Anomaly Detection Using Time Granularities
by: LI, Yingjiu, et al.
Published: (2002)

Finding the same source programs based on the structural fingerprint distance of call graph
by: YIN, Zhiyi, et al.
Published: (2009)

Bridging the Gap between Data-Flow and Control-Flow Analysis for Anomaly Detection
by: LI, Peng, et al.
Published: (2008)

Linear Obfuscation to Combat Symbolic Execution
by: WANG, Zhi, et al.
Published: (2011)

On Challenges in Evaluating Malware Clustering
by: LI, Peng, et al.
Published: (2010)

Subgraph centralization: A necessary step for graph anomaly detection
by: ZHUANG, Zhong, et al.
Published: (2023)

Cross-domain graph anomaly detection via anomaly-aware contrastive alignment
by: WANG, Qizhou, et al.
Published: (2023)

Virus doctor in a box
by: Lo, Jefferson
Published: (2007)

StopWatch: A Cloud Architecture for Timing Channel Mitigation
by: Li, Peng, et al.
Published: (2014)

White-box fairness testing through adversarial sampling
by: ZHANG, Peixin, et al.
Published: (2020)

Time cost evaluation for executing RFID authentication protocols
by: CHIEW, Kevin, et al.
Published: (2010)

Fighting Coercion Attacks in Key Generation using Skin Conductance
by: GUPTA, Payas, et al.
Published: (2010)

When function signature recovery meets compiler optimization
by: LIN, Yan, et al.
Published: (2021)

Applying graph neural network to multivariate time series anomaly detection
by: Mao, Yiyun
Published: (2024)

Launching Return-Oriented Programming Attacks against Randomized Relocatable Executables
by: LIU, Limin, et al.
Published: (2011)

Defending against heap overflow by using randomization in nested virtual clusters
by: TEY, Chee Meng, et al.
Published: (2013)

Catching both gray and black swans: Open-set supervised anomaly detection
by: DING, Choubo, et al.
Published: (2022)

Enhancing symbolic execution of heap-based programs with separation logic for test input generation
by: PHAM, Long H., et al.
Published: (2019)

SuperCall: A Secure Interface For Isolated Execution Environment to Dynamically Use External Services
by: CHENG, Yueqiang, et al.
Published: (2016)

Detecting Anomalies in Bipartite Graphs with Mutual Dependency Principles
by: DAI, Hanbo, et al.
Published: (2012)

I Can Be You: Questioning the Use of Keystroke Dynamics as Biometrics
by: TEY, Chee Meng, et al.
Published: (2013)

On the Effectiveness of Software Diversity: A Systematic Study on Real-World Vulnerabilities
by: HAN, Jin, et al.
Published: (2009)

A novel dynamic analysis infrastructure to instrument untrusted execution flow across user-kernel spaces
by: HONG, Jiaqi, et al.
Published: (2021)

Learning Fine-Grained Structured Input for Memory Corruption Detection
by: ZHAO, Lei, et al.
Published: (2012)

Graph neural network for anomaly detection
by: Yeo, Ming Hong
Published: (2024)

Keystroke Timing Analysis of on-the-fly Web Apps
by: TEY, Chee Meng, et al.
Published: (2013)

On Detection of Erratic Arguments
by: HAN, Jin, et al.
Published: (2011)

Peep with a mirror: Breaking the integrity of Android app sandboxing via unprivileged cache side channel
by: LIN, Yan, et al.
Published: (2024)

Configuring timing parameters to ensure execution-time opacity in timed automata
by: André, Étienne, et al.
Published: (2023)

Comparing Mobile Privacy Protection through Cross-Platform Applications
by: HAN, Jin, et al.
Published: (2013)