2008 Annual Computer Security Applications Conference (ACSAC) 2008
DOI: 10.1109/acsac.2008.54

The Evolution of System-Call Monitoring

Abstract: Computer security systems protect computers and networks from unauthorized use by external agents and insiders. The similarities between computer security and the problem of protecting a body against damage from externally and internally generated threats are compelling and were recognized as early as 1972 when the term computer virus was coined. The connection to immunology was made explicit in the mid 1990s, leading to a variety of prototypes, commercial products, attacks, and analyses. The paper reviews one…

Cited by 101 publications (71 citation statements)
References 64 publications (89 reference statements)
“…The Opcode function calls are captured as a sequence of integers and extracted with no additional processing, thereby reducing the log trace overhead. Evaluating only function keyword sequences has also been successfully deployed at the kernel level for anomaly detection in operating systems [12,13,34,53].…”
Section: Data Extraction (citation type: mentioning; confidence: 99%)
“…Figure 1 is a sample snippet of JavaScript code used to perform a drive-by download attack. The code contains a shellcode (line 2), a routine for constructing a NOP sled (lines 3-10), and a heap spraying attack (lines 12-18). The shellcode is a binary payload injected and executed on a user device.…”
Section: Introduction (citation type: mentioning; confidence: 99%)
“…Dynamic malware analysis methods monitor the interactions between a malware sample and an operating system kernel [19,20], e.g. invoked system calls and their arguments.…”
Section: Interrelation Between Observed Objects (citation type: mentioning; confidence: 99%)
“…Even without a contemplation of the accuracy of the CFG, a couple of issues arise from this conceptual control flow validation scenario such as CFG granularity and the representation and storage of the CFG. System-call-level CFG was utilized during the early days of the technology to reduce the overhead of the CFG representation and storage, and also to enable access to the CFG at runtime [13]; however, such a coarse-grained CFG often fails to catch a compromised control flow because many hundreds or thousands of instructions can exist between the system calls.…”
Section: Introduction (citation type: mentioning; confidence: 99%)