|
Published Articles >> Table of Contents >> Abstract
2003 IEEE Symposium on Security and Privacy
p. 62
Anomaly Detection Using Call Stack Information
Henry Hanping Feng, University of Massachusetts
Oleg M. Kolesnikov, Georgia Institute of Technology
Prahlad Fogla, Georgia Institute of Technology
Wenke Lee, Georgia Institute of Technology
Weibo Gong, University of Massachusetts
Full Article Text:
  
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SECPRI.2003.1199328
Send link to a friend
| Abstract |
|
The call stack of a program execution can be a very good information source for intrusion detection. There is no prior work on dynamically extracting information from call stack and effectively using it to detect exploits. In this paper, we propose a new method to do anomaly detection using call stack information. The basic idea is to extract return addresses from the call stack, and generate abstract execution path between two program execution points. Experiments show that our method can detect some attacks that cannot be detected by other approaches, while its convergence and false positive performance is comparable to or better than the other approaches. We compare our method with other approaches by analyzing their underlying principles and thus achieve a better characterization of their performance, in particular, on what and why attacks will be missed by the various approaches.
|
 Additional Information
|
Citation:
Henry Hanping Feng, Oleg M. Kolesnikov, Prahlad Fogla, Wenke Lee, Weibo Gong,
"Anomaly Detection Using Call Stack Information,"
sp,
p. 62,
2003 IEEE Symposium on Security and Privacy,
2003
|
|
