Autor: |
Jewell, Brian, Beaver, Justin |
Zdroj: |
Proceedings of the International Conference on Information Warfare & Security; 2011, p134-142, 9p, 1 Chart, 3 Graphs |
Abstrakt: |
The host-based detection of malicious data exfiltration activities is currently a sparse area of research and mostly limited to methods that analyze network traffic or signature based detection methods that target specific processes. In this paper we explore an alternative method to host-based detection that exploits sequences of system calls and new collection methods that allow us to catch these activities in real time. We show that system call sequences can be found to reach a steady state across processes and users, and explore the viability of new methods as heuristics for profiling user behaviors. [ABSTRACT FROM AUTHOR] |
Databáze: |
Complementary Index |
Externí odkaz: |
|