Behavioral Distance for Intrusion Detection
We introduce a notion, behavioral distance, for evaluating the extent to which processes—potentially running different programs and executing on different platforms—behave similarly in response to a common input. We explore behavioral distance as a means to detect an attack on one process that cause...
Saved in:
Main Authors: | GAO, Debin, Reiter, Michael K., SONG, Dawn |
---|---|
Format: | text |
Language: | English |
Published: |
Institutional Knowledge at Singapore Management University
2005
|
Subjects: | |
Online Access: | https://ink.library.smu.edu.sg/sis_research/1243 http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.113.7936 |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Singapore Management University |
Language: | English |
Similar Items
-
Beyond output voting: Detecting compromised replicas using HMM-based behavioral distance
by: GAO, Debin, et al.
Published: (2009) -
Behavioral Distance Measurement using Hidden Markov Models
by: GAO, Debin, et al.
Published: (2006) -
On Gray-Box Program Tracking for Anomaly Detection
by: GAO, Debin, et al.
Published: (2004) -
Gray-Box Extraction of Execution Graphs for Anomaly Detection
by: GAO, Debin, et al.
Published: (2004) -
Binhunt: Automatically Finding Semantic Differences in Binary Programs
by: GAO, Debin, et al.
Published: (2008)