2006
DOI: 10.1007/11663812_8

Improving Host-Based IDS with Argument Abstraction to Prevent Mimicry Attacks

Cited by 16 publications
(9 citation statements)
References 11 publications
“…Sufatrio presented an algorithm for automated mimicry attack on Finite‐State Automaton (or overlapping graph) classifier using system call n‐grams. However, this algorithm limits the malware code that can be camouflaged using it, to one that can be assembled from benign trace n‐grams.…”
Section: Background and Related Work (mentioning)
confidence: 99%
“…Various IDSes can also be classified into network-based [38,28,13,37,25,32,10,13] and host-based ones [15,36,8,26,31,12]. The difference between these two categories lies in where the intelligence used for detection resides.…”
Section: Limitations Of Existing Approaches (mentioning)
confidence: 99%
“…They reported improved attack detection, but at the cost of increased complexity: Their system ran 4-10 times more slowly when arguments were included. Sufatrio and Yap incorporated data flow in the form of a supplied specification for system call arguments [69], and Bhatkar et al reported that modeling the temporal aspects of data flow in conjunction with control flow further improved detection [6].…”
Section: Data Flow (mentioning)
confidence: 99%