
Pp. 185–198 of the Proceedings

Automated Response Using System-Call Delays

Anil Somayaji
Dept. of Computer Science
University of New Mexico
Albuquerque, NM 87131
soma@cs.unm.edu

Stephanie Forrest
Santa Fe Institute
Santa Fe, NM 87501
Dept. of Computer Science
University of New Mexico
Albuquerque, NM 87131
steph@santafe.edu, forrest@cs.unm.edu

Abstract:

Automated intrusion response is an important unsolved problem in computer security. A system called pH (for process homeostasis) is described which can successfully detect and stop intrusions before the target system is compromised. In its current form, pH monitors every executing process on a computer at the system-call level, and responds to anomalies by either delaying or aborting system calls. The paper presents the rationale for pH, its design and implementation, and a set of initial experimental results.





Anil B. Somayaji 2000-06-14

This paper was originally published in the Proceedings of the 9th USENIX Security Symposium, August 14-17, 2000, Denver, Colorado, USA
Last changed: 10 April 2002 aw