Check out the new USENIX Web site. next up previous
Next: About this document ... Up: Automated Response Using System-Call Previous: Availability


Debra Anderson, Thane Frivold, and Alfonso Valdes.
Next-generation intrusion detection expert system (NIDES): A summary.
Technical Report SRI-CSL-95-07, Computer Science Laboratory, SRI International, May 1995.

Ivan Arce.
SSH-1.2.27 & RSAREF2 exploit.
BUGTRAQ Mailing list (, December 14 1999.
Message-ID: <>.

Axent Technologies, Inc.
Netprowler., 2000.

M. J. Bach.
The Design of the UNIX Operating System.
Prentice-Hall, Englewood Cliffs, NJ, 1986.

Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, David Becker, Marc Fiuczynski, Craig Chambers, and Susan Eggers.
Extensibility, safety and performance in the spin operating system.
In Proceedings of the 15th ACM Symposium on Operating System Principles (SOSP-15), pages 267-284, Copper Mountain, CO, 1995.

Thomas E. Bihari and Karsten Schwan.
Dynamic adaptation of real-time software.
ACM Transactions on Computer Systems, 9(2):143-174, May 1991.

P.R. Blevins and C.V. Ramamoorthy.
Aspects of a dynamically adaptive operating system.
IEEE Transactions on Computers, 25(7):713-725, July 1976.

Anita Borg, Wolfgang Blau, Wolfgang Graetsch, Ferdinand Herrmann, and Wolfgang Oberle.
Fault tolerance under unix.
ACM Transactions on Computer Systems, 7(1):1-24, February 1989.

Rodney A. Brooks.
A robust layered control system for a mobile robot.
A.I. Memo 864, Massachusetts Institute of Technology, September 1985.

Rodney A. Brooks and Anita M. Flynn.
Fast, cheap, and out of control: a robot invasion of the solar system.
Journal of The British Interplanetary Society, 42:478-485, 1989.

A. Brown and M. Seltzer.
Operating system benchmarking in the wake of lmbench: A case study of the performance of netbsd on the intel x86 architecture.
In Proceedings of the 1997 ACM SIGMETRICS Conference on Measurement and Modeling of Computer Systems, Seattle, WA, June 1997.

Cisco Systems, Inc.
Cisco secure intrusion detection system., 1999.

Sendmail Consortium., 2000.

Transmeta Corporation.
Crusoe processor: Longrun technology., January 2000.

Michael D. Ernst, Adam Czeisler, William G. Griswold, , and David Notkin.
Quickly detecting relevant program invariants.
In Proceedings of the 22nd International Conference on Software Engineering (ICSE 2000), Limerick, Ireland, June 7-9 2000.

S. Forrest, S. Hofmeyr, A. Somayaji, and T. Longstaff.
A sense of self for unix processes.
In Proceedings of the 1996 IEEE Symposium on Computer Security and Privacy. IEEE Press, 1996.

L. T. Heberlein, G. V. Dias, K. N. Levitt, B. Mukherjee, J. Wood, and D. Wolber.
A network security monitor.
In Proceedings of the IEEE Symposium on Security and Privacy. IEEE Press, 1990.

G.J. Henry.
The fair share scheduler.
Bell Systems Technical Journal, 63(8):1845-1857, October 1984.

M. A. Hiltunen and R. D. Schlichting.
Adaptive distributed and fault-tolerant systems.
Computer Systems Science and Engineering, 11(5):275-285, September 1996.

S. Hofmeyr, A. Somayaji, and S. Forrest.
Intrusion detection using sequences of system calls.
Journal of Computer Security, 6:151-180, 1998.

Steven A. Hofmeyr.
An Immunological Model of Distributed Detection and its Application to Computer Security.
PhD thesis, University of New Mexico, 1999.

Internet Security Systems, Inc.
RealSecure 3.0., 1999.

M. Frans Kaashoek, Dawson R. Engler, Gregory R. Ganger, Héctor M. Briceño, Russell Hunt, David Mazières, Thomas Pinckney, Robert Grimm, John Jannotti, and Kenneth Mackenzie.
Application performance and flexibility on exokernel systems.
In Proceedings of the 16th ACM Symposium on Operating Systems Principles (SOSP '97), pages 52-65, Saint-Malô, France, October 1997.

J. Kay and P. Lauder.
A fair share scheduler.
Communications of the ACM, 31(1):44-55, January 1988.

D.M. Ogle, K. Schwan, and R. Snodgrass.
Application-dependent dynamic monitoring of distributed and parallel systems.
IEEE Transactions on Parallel and Distributed Systems, 4(7):762-778, July 1993.

Erin O'Neill. Personal Communication, October 1998.

P. Porras and P. G. Neumann.
EMERALD: Event monitoring enabling responses to anomalous live disturbances.
In Proceedings National Information Systems Security Conference, 1997.

Wojciech Purczynski.
Sendmail & procmail local root exploits on Linux kernel up to 2.2.16pre5.
BUGTRAQ Mailing list (, June 9 2000.
Message-ID: <>.

SSH Communications Security. SSH secure shell., 2000.

R. Sekar, T. Bowen, and M. Segal.
On preventing intrusions by process behavior monitoring.
In Proceedings of the Workshop on Intrusion Detection and Network Monitoring. The USENIX Association, April 1999.

Margo Seltzer, Yasuhiro Endo, Christopher Small, and Keith Smith.
Dealing with disaster: Surviving misbehaved kernel extensions.
In Proceedings of the 1996 Symposium on Operating System Design and Implementation (OSDI II), 1999.

Margo Seltzer and Christopher Small.
Self-monitoring and self-adapting systems.
In Proceedings of the 1997 Workshop on Hot Topics on Operating Systems, Chatham, MA, May 1997.

E. Shokri, H. Hecht, P. Crane, J. Dussault, and K.H. Kim.
An approach for adaptive fault-tolerance in object-oriented open distributed systems.
International Journal of Software Engineering and Knowledge Engineering, 8(3):333-346, September 1998.

A. Somayaji, S. Hofmeyr, and S. Forrest.
Principles of a computer immune system.
In New Security Paradigms Workshop, New York, 1998. Association for Computing Machinery.

SPI. Debian., 2000.

Andrew S. Tanenbaum.
Computer Networks, chapter 3, pages 145-146.
Prentice Hall PTR, Englewood Cliffs, NJ, 2nd edition, 1989.

timecop. Root kit SSH 5.0., January 2000.

C. Warrender, S. Forrest, and B. Pearlmutter.
Detecting intrusions using system calls: Alternative data models.
In Proceedings of the 1999 IEEE Symposium on Security and Privacy, pages 133-145, Los Alamitos, CA, 1999. IEEE Computer Society.

G. Weikum, C. Hasse, A. Monkeberg, and P. Zabback.
The COMFORT automatic tuning project.
Information Systems, 19(5):381-432, July 1994.

Anil B. Somayaji 2000-06-14