Korset

Code-based Intrusion Detection for Linux

The idea behind code-based intrusion detection systems is not new: a considerable body of academic research has explored this methodology over the past several years. The common approach is to derive a model of the system-call behaviour a program can legitimately exhibit from its code, and then flag any run whose observed system-call sequence the model cannot explain.

The first and seminal paper on this intrusion detection concept was published by David Wagner and Drew Dean in 2001:

David Wagner and Drew Dean. Intrusion detection via static analysis. In SP '01: Proceedings of the 2001 IEEE Symposium on Security and Privacy, page 156, Washington, DC, USA, 2001. IEEE Computer Society.
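To make the concept concrete, here is a small added illustration of the approach described in Wagner and Dean's paper; it is not Korset's code and not from any of the cited papers. A program's control-flow graph is turned into an automaton whose transitions are labelled with system calls (edges that make no system call become epsilon transitions), and a runtime trace is checked by simulating the automaton. The automaton for a hypothetical file-serving program is written out by hand below; in a real tool it would be derived from the source or binary, which is the "static analysis" part.

```python
"""
Toy code-based intrusion detector: a statically derived system-call automaton
checked against runtime traces.  Added illustration, not project code.
"""
from collections import defaultdict

EPS = None  # label for control-flow edges that issue no system call


class SyscallAutomaton:
    """Non-deterministic automaton over system-call names.

    States are program points; a set of live states is tracked so that
    branches and loops in the control-flow graph are handled without
    first determinising the automaton.
    """

    def __init__(self, start):
        self.start = start
        self.edges = defaultdict(list)  # state -> [(label, next_state)]

    def add(self, src, label, dst):
        self.edges[src].append((label, dst))

    def _closure(self, states):
        """Follow epsilon edges until no new state is reachable."""
        seen, stack = set(states), list(states)
        while stack:
            s = stack.pop()
            for label, dst in self.edges[s]:
                if label is EPS and dst not in seen:
                    seen.add(dst)
                    stack.append(dst)
        return seen

    def step(self, states, syscall):
        nxt = {dst for s in states
               for label, dst in self.edges[s] if label == syscall}
        return self._closure(nxt)

    def check(self, trace):
        """Return (True, None) if the model explains every call in the trace,
        otherwise (False, i) where i indexes the first unexplained call."""
        states = self._closure({self.start})
        for i, syscall in enumerate(trace):
            states = self.step(states, syscall)
            if not states:
                return False, i
        return True, None


def build_model():
    """Hand-built automaton for this hypothetical program (assumption):

        open(path);
        while (more_work()) {      // s1 -> s2 (loop body) or s1 -> s5 (exit)
            n = read(fd, ...);     // s2 -read-> s3
            if (n > 0) write(...); // s3 -write-> s4  or  s3 -eps-> s4
        }                          // s4 -eps-> s1
        close(fd);                 // s5 -close-> s6
        exit(0);                   // s6 -exit-> s7
    """
    m = SyscallAutomaton(start="s0")
    m.add("s0", "open", "s1")
    m.add("s1", EPS, "s2")
    m.add("s1", EPS, "s5")
    m.add("s2", "read", "s3")
    m.add("s3", "write", "s4")
    m.add("s3", EPS, "s4")
    m.add("s4", EPS, "s1")
    m.add("s5", "close", "s6")
    m.add("s6", "exit", "s7")
    return m


MODEL = build_model()

# Constructed traces, as a syscall tracer might record them for this program.
BENIGN_TRACE = ["open", "read", "write", "read", "close", "exit"]
# A hijacked control flow spawning a shell after the second call.
ATTACK_TRACE = ["open", "read", "execve", "write"]


def check_trace(trace):
    return MODEL.check(trace)


if __name__ == "__main__":
    for name, trace in (("benign", BENIGN_TRACE), ("attack", ATTACK_TRACE)):
        ok, idx = check_trace(trace)
        status = "ok" if ok else f"DEVIATION at call #{idx} ({trace[idx]})"
        print(f"{name:7s} {status}")
```

The check enforces ordering as well as membership: `["open", "write"]` is rejected because no path in the program writes before it has read. What it cannot see is the data carried by each call, so an attacker who confines themselves to a sequence the program could have produced stays inside the model; that limitation is the subject of several of the papers listed below.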

Many great papers have been published following Wagner and Dean’s work.

Here are some of these papers (in no particular order):

Henry Hanping Feng, Oleg M. Kolesnikov, Prahlad Fogla, Wenke Lee, and Weibo Gong. Anomaly detection using call stack information. In SP ’03: Proceedings of the 2003 IEEE Symposium on Security and Privacy, page 62, Washington, DC, USA, 2003. IEEE Computer Society.

Jonathon T. Giffin, David Dagon, Somesh Jha, Wenke Lee, and Barton P. Miller. Environment-sensitive intrusion detection. In Recent Advances in Intrusion Detection, pages 185–206, 2005.

Jonathon T. Giffin, Somesh Jha, and Barton P. Miller. Detecting manipulated remote call streams. In Proceedings of the 11th USENIX Security Symposium, pages 61–79. USENIX Association, 2002.

Jonathon T. Giffin, Somesh Jha, and Barton P. Miller. Efficient context-sensitive intrusion detection. In Proceedings of the 11th Annual Network and Distributed System Security Symposium (NDSS), 2004.

Debin Gao, Michael K. Reiter, and Dawn Song. Gray-box extraction of execution graphs for anomaly detection. In CCS ’04: Proceedings of the 11th ACM conference on Computer and communications security, pages 318–329, New York, NY, USA, 2004. ACM.

Rajeev Gopalakrishna, Eugene H. Spafford, and Jan Vitek. Efficient intrusion detection using automaton inlining. In SP ’05: Proceedings of the 2005 IEEE Symposium on Security and Privacy, pages 18–31, Washington, DC, USA, 2005. IEEE Computer Society.

Henry Hanping Feng, Jonathon T. Giffin, Yong Huang, Somesh Jha, Wenke Lee, and Barton P. Miller. Formalizing sensitivity in static analysis for intrusion detection. In SP '04: Proceedings of the 2004 IEEE Symposium on Security and Privacy, pages 194–208, 9–12 May 2004. IEEE Computer Society.

Zhen Liu, Susan M. Bridges, and Rayford B. Vaughn. Combining static analysis and dynamic learning to build accurate intrusion detection models. In IWIA '05: Proceedings of the Third IEEE International Workshop on Information Assurance, pages 164–177, 2005. IEEE Computer Society.

Lap Chung Lam, Wei Li, and Tzi-cker Chiueh. Accurate and automated system call policy-based intrusion prevention. In DSN '06: Proceedings of the International Conference on Dependable Systems and Networks, pages 413–424, Washington, DC, USA, 25–28 June 2006. IEEE Computer Society. DOI: 10.1109/DSN.2006.10