{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,4]],"date-time":"2024-09-04T22:44:07Z","timestamp":1725489847899},"publisher-location":"Berlin, Heidelberg","reference-count":34,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540743194"},{"type":"electronic","value":"9783540743200"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-74320-0_2","type":"book-chapter","created":{"date-parts":[[2007,8,16]],"date-time":"2007-08-16T13:47:48Z","timestamp":1187272068000},"page":"21-41","source":"Crossref","is-referenced-by-count":11,"title":["Understanding Precision in Host Based Intrusion Detection"],"prefix":"10.1007","author":[{"given":"Monirul","family":"Sharif","sequence":"first","affiliation":[]},{"given":"Kapil","family":"Singh","sequence":"additional","affiliation":[]},{"given":"Jonathon","family":"Giffin","sequence":"additional","affiliation":[]},{"given":"Wenke","family":"Lee","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"2_CR1","unstructured":"GNU Indent Local Heap Overflow Vulnerability, http:\/\/www.securityfocus.com\/bid\/9297\/"},{"key":"2_CR2","unstructured":"GnuPG Format String Vulnerability, http:\/\/www.securityfocus.com\/bid\/2797\/"},{"key":"2_CR3","unstructured":"imapd Buffer Overflow Vulnerability, http:\/\/www.securityfocus.com\/bid\/130\/"},{"key":"2_CR4","unstructured":"thttpd defang Buffer Overflow Vulnerability, http:\/\/www.securityfocus.com\/bid\/8906\/"},{"key":"2_CR5","volume-title":"Proceedings of ACM Computer and Communications Security (CCS)","author":"M. Abadi","year":"2005","unstructured":"Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: Control-Flow Integrity: Principles, Implementations, and Applications. In: Proceedings of ACM Computer and Communications Security (CCS), Alexandria, Virginia, November 2005, ACM Press, New York (2005)"},{"key":"2_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/11576280_9","volume-title":"Formal Methods and Software Engineering","author":"M. Abadi","year":"2005","unstructured":"Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: A theory of secure control flow. In: Lau, K.-K., Banach, R. (eds.) ICFEM 2005. LNCS, vol.\u00a03785, Springer, Heidelberg (2005)"},{"key":"2_CR7","volume-title":"IEEE Symposium on Security and Privacy","author":"S. Bhatkar","year":"2006","unstructured":"Bhatkar, S., Chaturvedi, A., Sekar, R.: Dataflow anomaly detection. In: IEEE Symposium on Security and Privacy, Oakland, California, May 2006, IEEE Computer Society Press, Los Alamitos (2006)"},{"key":"2_CR8","volume-title":"ACM Conference on Computer and Communications Security (CCS)","author":"H. Chen","year":"2002","unstructured":"Chen, H., Wagner, D.: MOPS: An infrastructure for examining security properties of software. In: ACM Conference on Computer and Communications Security (CCS), Washington, DC, November 2002, ACM Press, New York (2002)"},{"key":"2_CR9","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"H. Feng","year":"2004","unstructured":"Feng, H., Giffin, J., Huang, Y., Jha, S., Lee, W., Miller, B.: Formalizing sensitivity in static analysis for intrusion detection. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, California, May 2004, IEEE Computer Society Press, Los Alamitos (2004)"},{"key":"2_CR10","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"H. Feng","year":"2003","unstructured":"Feng, H., Kolesnikov, O., Fogla, P., Lee, W., Gong, W.: Anomaly detection using call stack information. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, California, May 2003, IEEE Computer Society Press, Los Alamitos (2003)"},{"key":"2_CR11","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"S. Forrest","year":"1996","unstructured":"Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A sense of self for unix processes. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, California, May 1996, IEEE Computer Society Press, Los Alamitos (1996)"},{"key":"2_CR12","volume-title":"Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS)","author":"D. Gao","year":"2003","unstructured":"Gao, D., Reiter, M., Song, D.: Gray-box extraction of execution graphs for anomaly detection. In: Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS), Washington, DC, October 2003, ACM Press, New York (2003)"},{"key":"2_CR13","unstructured":"Gao, D., Reiter, M.K., Song, D.: On gray-box program tracking for anomaly detection. In: USENIX Security Symposium, San Diego, California (August 2004)"},{"key":"2_CR14","unstructured":"Garvey, T., Lunt, T.: Model-based intrusion detection. In: Proceedings of the 14th National Computer Security Conf. (NCSC), Baltimore, Maryland (June 1991)"},{"key":"2_CR15","unstructured":"Ghosh, A., Schwartzbard, A., Schatz, M.: Learning program behavior profiles for intrusion detection. In: Proceedings of the 1st USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, California (April 1999)"},{"key":"2_CR16","unstructured":"Giffin, J., Jha, S., Miller, B.: Detecting manipulated remote call streams. In: Proceedings of the 11th USENIX Security Symposium, San Francisco, California, August 2002 (2002)"},{"key":"2_CR17","unstructured":"Giffin, J., Jha, S., Miller, B.: Efficient context-sensitive intrusion detection. In: Proceedings of the 11th Annual Network and Distributed Systems Security Symposium (NDSS), San Diego, California, February 2004 (2004)"},{"key":"2_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/11856214_3","volume-title":"Recent Advances in Intrusion Detection","author":"J.T. Giffin","year":"2006","unstructured":"Giffin, J.T., Jha, S., Miller, B.P.: Automated discovery of mimicry attacks. In: Zamboni, D., Kruegel, C. (eds.) RAID 2006. LNCS, vol.\u00a04219, Springer, Heidelberg (2006)"},{"key":"2_CR19","doi-asserted-by":"crossref","unstructured":"Hollingsworth, J.K., Miller, B.P., Cargille, J.: Dynamic program instrumentation for scalable performance tools. In: Proceedings of the Scalable High Performance Computing Conference, Knoxville, Tennessee (May 1994)","DOI":"10.1109\/SHPCC.1994.296728"},{"key":"2_CR20","doi-asserted-by":"crossref","unstructured":"Ko, C., Fink, G., Levitt, K.: Automated detection of vulnerabilities in privileged programs by execution monitoring. In: Proceedings of the 10th Annual Computer Security Applications Conference (ACSAC), Orlando, Florida (December 1994)","DOI":"10.1109\/CSAC.1994.367313"},{"key":"2_CR21","unstructured":"Kruegel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Automating mimicry attacks using static binary analysis. In: Proceedings of the USENIX Security Symposium, Baltimore, Maryland (August 2005)"},{"key":"2_CR22","series-title":"Lecture Notes in Computer Science","volume-title":"Computer Security \u2013 ESORICS 2003","author":"C. Kruegel","year":"2003","unstructured":"Kruegel, C., Mutz, D., Valeur, F., Vigna, G.: On the detection of anomalous system call arguments. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol.\u00a02808, Springer, Heidelberg (2003)"},{"key":"2_CR23","doi-asserted-by":"crossref","unstructured":"Lam, L., Chiueh, T.: Automatic extraction of accurate application-specific sandboxing policy. In: Recent Advances in Intrusion Detection, Sophia Antipolis, France, September 2004 (2004)","DOI":"10.1007\/978-3-540-30143-1_1"},{"key":"2_CR24","unstructured":"Lam, L., Li, W., Chiueh, T.: Accurate and automated system call policy-based intrusion prevention. In: The International Conference on Dependable Systems and Networks (DSN), Philadelphia, PA, USA (June 2006)"},{"issue":"4","key":"2_CR25","doi-asserted-by":"publisher","first-page":"323","DOI":"10.1145\/161494.161501","volume":"1","author":"W. Landi","year":"1992","unstructured":"Landi, W.: Undecidability of static analysis. ACM Letters on Programming Languages and Systems (LOPLAS)\u00a01(4), 323\u2013337 (1992)","journal-title":"ACM Letters on Programming Languages and Systems (LOPLAS)"},{"key":"2_CR26","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"W. Lee","year":"1999","unstructured":"Lee, W., Stolfo, S., Mok, K.: A data mining framework for building intrusion detection models. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, California, May 1999, IEEE Computer Society Press, Los Alamitos (1999)"},{"key":"2_CR27","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"R. Sekar","year":"2001","unstructured":"Sekar, R., Bendre, M., Bollineni, P., Dhurjati, D.: A fast automaton-based method for detecting anomalous program behaviors. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, California, May 2001, IEEE Computer Society Press, Los Alamitos (2001)"},{"key":"2_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-36084-0_4","volume-title":"Recent Advances in Intrusion Detection","author":"K. Tan","year":"2002","unstructured":"Tan, K., Killourhy, K.S., Maxion, R.A.: Undermining an anomaly-based intrusion detection system using common exploits. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol.\u00a02516, Springer, Heidelberg (2002)"},{"key":"2_CR29","volume-title":"Handbook of Information Security","author":"G. Vigna","year":"2005","unstructured":"Vigna, G., Kruegel, C.: Handbook of Information Security. ch. Host-based Intrusion Detection Systems. Wiley, Chichester (December 2005)"},{"key":"2_CR30","doi-asserted-by":"crossref","unstructured":"Wagner, D.: Static Analysis and Computer Security: New Techniques for Software Assurance. Ph.D. dissertation, University of California at Berkeley (2000)","DOI":"10.1007\/3-540-47764-0_25"},{"key":"2_CR31","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"D. Wagner","year":"2001","unstructured":"Wagner, D., Dean, D.: Intrusion detection via static analysis. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, California, May 2001, IEEE Computer Society Press, Los Alamitos (2001)"},{"key":"2_CR32","volume-title":"Proceedings of the Ninth ACM Conference on Computer and Communications Security (CCS)","author":"D. Wagner","year":"2002","unstructured":"Wagner, D., Soto, P.: Mimicry attacks on host based intrusion detection systems. In: Proceedings of the Ninth ACM Conference on Computer and Communications Security (CCS), Washington, DC, November 2002, ACM Press, New York (2002)"},{"key":"2_CR33","series-title":"Lecture Notes in Computer Science","volume-title":"Recent Advances in Intrusion Detection","author":"H. Xu","year":"2004","unstructured":"Xu, H., Du, W., Chapin, S.J.: Context sensitive anomaly monitoring of process control flow to detect mimicry attacks and impossible paths. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol.\u00a03224, Springer, Heidelberg (2004)"},{"key":"2_CR34","doi-asserted-by":"crossref","unstructured":"Zhang, T., Zhuang, X., Lee, W., Pande, S.: Anomalous path detection with hardware support. In: Proceedings of the International Conference on Compilers, Architectures and Synthesis of Embedded Systems (CASES), San Francisco, CA (July 2005)","DOI":"10.1145\/1086297.1086305"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-74320-0_2.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,19]],"date-time":"2020-11-19T05:21:35Z","timestamp":1605763295000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-74320-0_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540743194","9783540743200"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-74320-0_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[]}}