Title: An alternative approach to computer system security monitoring and enhancement through system call sequence analysis
Researcher: Varghese, Surekha Mariam
Guide(s): Jacob, K Poulose
Keywords: Computer Sciences; Computer System Security; Buffer Overflow; Anomaly Detection
Upload Date: 19-Nov-2012
University: Cochin University of Science and Technology
Completed Date: 11/03/2008
Abstract: Modern computer systems are plagued with stability and security problems: applications lose data, web servers are hacked, and systems crash under heavy load. Many of these problems or anomalies arise from rare program behavior caused by attacks or errors. A substantial percentage of web-based attacks are due to buffer overflows. Many methods have been devised to detect and prevent anomalous situations that arise from buffer overflows. The current state of the art in anomaly detection systems is relatively primitive and depends mainly on static code checking to take care of buffer overflow attacks. For protection, Stack Guards and Heap Guards are also widely used. This dissertation proposes an anomaly detection system based on the frequencies of system calls in the system call trace. System call traces represented as frequency sequences are profiled using sequence sets. A sequence set is identified by its starting sequence and the frequencies of specific system calls. The deviations of the current input sequence from the corresponding normal profile in the frequency pattern of system calls are computed and expressed as an anomaly score. A simple Bayesian model is used for accurate detection. Experimental results are reported which show that the frequency of system calls, represented using sequence sets, captures the normal behavior of programs under normal conditions of usage. This captured behavior allows the system to detect anomalies with a low rate of false positives. Data are presented which show that a Bayesian network on frequency variations responds effectively to induced buffer overflows. It can also help administrators detect deviations in program flow introduced by errors.
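The abstract describes profiling per-window system call frequencies, scoring a new window by its deviation from the normal profile, and deciding with a simple Bayesian model. The following is an added illustration of that idea and is not the dissertation's code: it uses one global frequency profile instead of sequence sets keyed by starting sequence, models normal per-call counts as Gaussians, and uses a uniform count distribution as the "anomalous" alternative in a Bayes posterior. All traces, call mixes, window size and the prior are constructed for the example.

```python
"""Frequency-based system call anomaly scoring (illustrative, not the thesis's code).

Assumed simplifications: traces are lists of syscall names, windows are fixed-length
slices, normal behaviour per call is a Gaussian over per-window counts, and the
alternative "anomalous" model is a uniform count in [0, W]. A single global profile
stands in for the thesis's sequence sets keyed by starting sequence.
"""
import math
import random
from collections import Counter

WINDOW = 16           # system calls per frequency window (constructed choice)
STD_FLOOR = 1.0       # avoids zero variance for calls rarely seen in training
PRIOR_ANOMALY = 0.05  # prior probability that a window is anomalous (assumed)

# Constructed call mixes, not real program data: a file-copy-like loop and a
# test mix dominated by calls the normal profile never sees.
NORMAL_MIX = {"read": 0.35, "write": 0.25, "open": 0.10,
              "close": 0.10, "mmap": 0.10, "fstat": 0.10}
UNUSUAL_MIX = {"mprotect": 0.30, "mmap": 0.30, "execve": 0.20,
               "read": 0.10, "write": 0.10}


def synth_trace(mix, length, rng):
    """Draw a constructed syscall trace from a weighted call mix."""
    names, weights = zip(*mix.items())
    return rng.choices(names, weights=weights, k=length)


def windows(trace, w=WINDOW):
    """Split a trace into non-overlapping windows of w calls (short tail dropped)."""
    return [trace[i:i + w] for i in range(0, len(trace) - w + 1, w)]


def build_profile(traces, w=WINDOW):
    """Normal profile: per-call (mean, std) of counts over all training windows."""
    counts = [Counter(win) for t in traces for win in windows(t, w)]
    calls = set().union(*counts)
    n = len(counts)
    profile = {}
    for call in calls:
        xs = [c.get(call, 0) for c in counts]
        mean = sum(xs) / n
        var = sum((x - mean) ** 2 for x in xs) / n
        profile[call] = (mean, max(math.sqrt(var), STD_FLOOR))
    return profile


def anomaly_score(window, profile):
    """Deviation score: sum of absolute z-scores of the window's counts.
    Calls absent from the profile are scored against mean 0 and STD_FLOOR."""
    counts = Counter(window)
    score = 0.0
    for call in set(profile) | set(counts):
        mean, std = profile.get(call, (0.0, STD_FLOOR))
        score += abs(counts.get(call, 0) - mean) / std
    return score


def posterior_anomalous(window, profile, w=WINDOW, prior=PRIOR_ANOMALY):
    """Bayes: P(anomalous | counts), Gaussian normal model vs uniform alternative."""
    counts = Counter(window)
    log_odds = math.log(prior / (1 - prior))
    log_uniform = -math.log(w + 1)          # uniform over counts 0..w
    for call in set(profile) | set(counts):
        mean, std = profile.get(call, (0.0, STD_FLOOR))
        x = counts.get(call, 0)
        log_normal = (-0.5 * ((x - mean) / std) ** 2
                      - math.log(std * math.sqrt(2 * math.pi)))
        log_odds += log_uniform - log_normal  # log likelihood ratio per call
    log_odds = max(-500.0, min(500.0, log_odds))  # keep exp() in range
    return 1.0 / (1.0 + math.exp(-log_odds))


def flagged_fraction(trace, profile, threshold=0.5):
    """Fraction of a trace's windows whose posterior exceeds the threshold."""
    wins = windows(trace)
    return sum(posterior_anomalous(win, profile) > threshold for win in wins) / len(wins)


def mean_score(trace, profile):
    wins = windows(trace)
    return sum(anomaly_score(win, profile) for win in wins) / len(wins)


def demo(seed=7):
    """Train on constructed normal traces, then score a held-out normal trace
    and a trace with an unusual call mix."""
    rng = random.Random(seed)
    training = [synth_trace(NORMAL_MIX, 64, rng) for _ in range(20)]
    profile = build_profile(training)
    held_out = synth_trace(NORMAL_MIX, 64, rng)
    unusual = synth_trace(UNUSUAL_MIX, 64, rng)
    return {
        "normal_score": mean_score(held_out, profile),
        "unusual_score": mean_score(unusual, profile),
        "normal_flagged": flagged_fraction(held_out, profile),
        "unusual_flagged": flagged_fraction(unusual, profile),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v:.3f}")
```

The detection rests on two things the abstract emphasises: calls never seen in the normal profile contribute large z-scores, and the Bayes posterior turns the per-call deviations into a single decision with a tunable prior. In practice the std floor and the prior are the knobs that trade false positives against missed deviations, and a profile built from too few runs will flag legitimate but rare code paths.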
Pagination: 111p.
Appears in Departments: Department of Computer Science

Files in This Item:
File | Description | Size | Format
01_title.pdf | Attached File | 105.5 kB | Adobe PDF
02_certificate & declarations.pdf | | 72.65 kB | Adobe PDF
03_acknowledgement & abstract.pdf | | 96.92 kB | Adobe PDF
04_contents.pdf | | 99.63 kB | Adobe PDF
05_list of figures & tables.pdf | | 87.84 kB | Adobe PDF
06_chapter 1.pdf | | 283.85 kB | Adobe PDF
07_chapter 2.pdf | | 528.71 kB | Adobe PDF
08_chapter 3.pdf | | 203.59 kB | Adobe PDF
09_chapter 4.pdf | | 437.09 kB | Adobe PDF
10_chapter 5.pdf | | 519.55 kB | Adobe PDF
11_chapter 6.pdf | | 382.99 kB | Adobe PDF
12_chapter 7.pdf | | 268.75 kB | Adobe PDF
13_chapter 8.pdf | | 115.9 kB | Adobe PDF
14_references & list of publications.pdf | | 2.63 MB | Adobe PDF

Items in Shodhganga are protected by copyright, with all rights reserved, unless otherwise indicated.