{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,19]],"date-time":"2025-03-19T13:56:34Z","timestamp":1742392594250},"publisher-location":"Berlin, Heidelberg","reference-count":36,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540231233"},{"type":"electronic","value":"9783540301431"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2004]]},"DOI":"10.1007\/978-3-540-30143-1_2","type":"book-chapter","created":{"date-parts":[[2010,9,18]],"date-time":"2010-09-18T23:59:24Z","timestamp":1284854364000},"page":"21-38","source":"Crossref","is-referenced-by-count":22,"title":["Context Sensitive Anomaly Monitoring of Process Control Flow to Detect Mimicry Attacks and Impossible Paths"],"prefix":"10.1007","author":[{"given":"Haizhi","family":"Xu","sequence":"first","affiliation":[]},{"given":"Wenliang","family":"Du","sequence":"additional","affiliation":[]},{"given":"Steve J.","family":"Chapin","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"2_CR1","unstructured":"Baratloo, A., Tsai, T., Singh, N.: Libsafe: Protecting critical elements of stacks. Technical report, Avaya Labs Research (1999)"},{"key":"2_CR2","unstructured":"Chew, M., Song, D.: Mitigating buffer overflows by operating system randomization. Technical report, CMU department of computer science (2002)"},{"key":"2_CR3","unstructured":"Cowan, C., Barringer, M., Beattie, S., Kroah-Hartman, G., Frantzen, M., Lokier, J.: Format- Guard: Automatic Protection From printf Format String Vulnerabilities. In: Proceedings of the 2001 USENIX Security Symposium, Washington D.C. (2001)"},{"key":"2_CR4","unstructured":"Cowan, C., Pu, C., Maier, D., Hinton, H., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q.: StackGuard: Automatic Adaptive Detection and Prevention of Buffer- Overflow Attacks. In: Proceedings of the 7th USENIX Security Symposium, San Antonio, Texas (1998)"},{"key":"2_CR5","doi-asserted-by":"crossref","unstructured":"Feng, H.H., Kolesnikov, O.M., Fogla, P., Lee, W., Gong, W.: Anomaly Detection Using Call Stack Information. In: Proceedings of the 2003 IEEE Symposium on Security and Privacy, Berkeley, CA (2003)","DOI":"10.1109\/SECPRI.2003.1199328"},{"key":"2_CR6","doi-asserted-by":"crossref","unstructured":"Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A Sense of Self for Unix Processes. In: Proceedings of the 1996 IEEE Symposium on Security and Privacy (1996)","DOI":"10.1109\/SECPRI.1996.502675"},{"key":"2_CR7","unstructured":"Purczynski, W.: (kNoX \u2013 implementation of non-executable page protection mechanism)"},{"key":"2_CR8","unstructured":"Solar Designer: Non-Executable User Stack, \n                    \n                      http:\/\/www.openwall.com\/linux\/"},{"key":"2_CR9","unstructured":"Lhee, K., Chapin, S.J.: Type-Assisted Dynamic Buffer Overflow Detection. In: Proceedings of the 11th USENIX Security Symposium, San Francisco (2002)"},{"key":"2_CR10","unstructured":"the Pax team: design & implementation of PaX, \n                    \n                      http:\/\/pageexec.virtualave.net\/docs\/index.html"},{"key":"2_CR11","unstructured":"Vendicator: StackShield: A \u201cstack smashing\u201d technique protection tool for linux, \n                    \n                      http:\/\/www.angelfire.com\/sk\/stackshield\/"},{"key":"2_CR12","doi-asserted-by":"crossref","unstructured":"Wagner, D., Dean, D.: Intrusion detection via static analysis. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy (2001)","DOI":"10.1109\/SECPRI.2001.924296"},{"key":"2_CR13","unstructured":"Xu, J., Kalbarczyk, Z., Iyer, R.K.: Transparent Runtime Randomization for Security. In: Proceedings of the 22nd Symposium on Reliable and Distributed Systems (SRDS), Florence, Italy (2003)"},{"key":"2_CR14","unstructured":"Ghosh, A., Schwartzbard, A.: A study in using neural networks for anomaly and misuse detection. In: 8th USENIX security symposium (1999)"},{"key":"2_CR15","unstructured":"Lee, W., Stolfo, S.: Data mining approaches for intrusion detection. In: 7th USENIX security symposium, San Antonio, TX (1998)"},{"key":"2_CR16","doi-asserted-by":"crossref","unstructured":"Warrender, C., Forrest, S., Pearlmutter, B.: Detecting Intrusions Using System Calls: Alternative Data Models. In: Proceedings of the 1999 IEEE Symposium on Security and Privacy (1999)","DOI":"10.1109\/SECPRI.1999.766910"},{"key":"2_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-39945-3_8","volume-title":"Recent Advances in Intrusion Detection","author":"A. Wespi","year":"2000","unstructured":"Wespi, A., Dacier, M., Debar, H.: Intrusion detection using variable-length audit trail patterns. In: Debar, H., M\u00e9, L., Wu, S.F. (eds.) RAID 2000. LNCS, vol.\u00a01907, Springer, Heidelberg (2000)"},{"key":"2_CR18","unstructured":"Abadi, M., Fournet, C.: Access control based on execution history. In: Proceedings of the 2003 Network and Distributed System Security Symposium (2003)"},{"key":"2_CR19","doi-asserted-by":"crossref","unstructured":"Wagner, D., Soto, P.: Mimicry attacks on host-based intrusion detection systems. In: Proceedings of the 9th ACM Conference On Computer And Communication Security, Washington, DC, USA (2002)","DOI":"10.1145\/586110.586145"},{"key":"2_CR20","unstructured":"Aleph One: Smashing The Stack For Fun And Profit, \n                    \n                      www.Phrack.org\n                    \n                    \n                   49 (1996)"},{"key":"2_CR21","unstructured":"Nergal: The advanced return-into-lib(c) exploits, \n                    \n                      www.Phrack.org\n                    \n                    \n                   58 (2001)"},{"key":"2_CR22","series-title":"The Common Language Runtime","volume-title":"Essential .NET","author":"D. Box","year":"2002","unstructured":"Box, D.: Essential.NET. The Common Language Runtime, vol.\u00a0I. Addison-Wesley, Reading (2002)"},{"key":"2_CR23","volume-title":"Inside Java 2 Platform Security: Architecture, API Design, and Implementation","author":"L. Gong","year":"1999","unstructured":"Gong, L., Ellison, G., Dageforde, M.: Inside Java 2 Platform Security: Architecture, API Design, and Implementation, 2nd edn. Addison Wesley, Reading (1999)","edition":"2"},{"key":"2_CR24","first-page":"144","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"R. Sekar","year":"2001","unstructured":"Sekar, R., Bendre, M., Dhurjati, D., Bollineni, P.: A fast automaton-based method for detecting anomalous program behaviors. In: Proceedings of the IEEE Symposium on Security and Privacy, p. 144. IEEE Computer Society, Los Alamitos (2001)"},{"key":"2_CR25","unstructured":"Kiriansky, V., Bruening, D., Amarasinghe, S.: Secure execution via program shepherding. In: Proceedings of the 11th USENIX Security Symposium, San Francisco, CA (2002)"},{"key":"2_CR26","unstructured":"Bernaschi, M., Gabrielli, E., Mancini, L.V.: Enhancements to the linux kernel for blocking buffer overflow based attacks. In: 4th Linux showcase & conference (2000)"},{"key":"2_CR27","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1145\/945445.945448","volume-title":"Proceedings of the nineteenth ACM symposium on Operating systems principles","author":"R. Sekar","year":"2003","unstructured":"Sekar, R., Venkatakrishnan, V., Basu, S., Bhatkar, S., DuVarney, D.C.: Model-carrying code: a practical approach for safe execution of untrusted applications. In: Proceedings of the nineteenth ACM symposium on Operating systems principles, pp. 15\u201328. ACM Press, New York (2003)"},{"key":"2_CR28","doi-asserted-by":"crossref","unstructured":"Somayaji, A., Hofmeyr, S., Forrest, S.: Principles of a Computer Immune System. In: Proceedings of the 1997 New Security Paradigms Workshop, UK (1997)","DOI":"10.1145\/283699.283742"},{"key":"2_CR29","unstructured":"Red Hat security: Updated kon2 packages fix buffer overflow (2003)"},{"key":"2_CR30","doi-asserted-by":"crossref","unstructured":"Ashcraft, K., Engler, D.R.: Using programmer-written compiler extensions to catch security holes. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy, Oakland, CA (2002)","DOI":"10.1109\/SECPRI.2002.1004368"},{"key":"2_CR31","doi-asserted-by":"crossref","unstructured":"Necula, G.C.: Proof-carrying code. In: Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Langauges (POPL 1997), Paris, pp. 106\u2013119 (1997)","DOI":"10.1145\/263699.263712"},{"key":"2_CR32","doi-asserted-by":"publisher","first-page":"423","DOI":"10.1002\/spe.515","volume":"33","author":"K. Lhee","year":"2003","unstructured":"Lhee, K., Chapin, S.J.: Buffer Overflow and Format String Overflow Vulnerabilities. Software \u2013 Practice & Experience\u00a033, 423\u2013460 (2003)","journal-title":"Software \u2013 Practice & Experience"},{"key":"2_CR33","unstructured":"Cowan, C., Beattie, S., Johansen, J., Wagle, P.: Pointguard: Protecting pointers from buffer overflow vulnerabilities. In: Proceedings of the 12th USENIX Security Symposium (2003)"},{"key":"2_CR34","doi-asserted-by":"crossref","unstructured":"Barrantes, E.G., Ackley, D.H., Forrest, S., Palmer, T.S., Stefanovic, D., Zovi, D.D.: Randomized instruction set emulation to disrupt binary code injection attacks. In: Proceedings of the 10th ACM Conference On Computer And Communication Security (2003)","DOI":"10.1145\/948109.948147"},{"key":"2_CR35","doi-asserted-by":"crossref","unstructured":"Kc, G.S., Keromytis, A.D., Prevelakis, V.: Countering Code-Injection Attacks With Instruction-Set Randomization. In: Proceedings of the 10th ACM Conference On Computer And Communication Security (2003)","DOI":"10.1145\/948109.948146"},{"key":"2_CR36","unstructured":"Bhatkar, S., DuVarney, D.C., Sekar, R.: Address obfuscation: An efficient approach to combat a broad range of memory error exploits. In: Proceedings of the 12th USENIX Security Symposium, Washington D.C. (2003)"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-30143-1_2.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,5,3]],"date-time":"2021-05-03T03:52:22Z","timestamp":1620013942000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-30143-1_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2004]]},"ISBN":["9783540231233","9783540301431"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-30143-1_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2004]]}}}