摘要 |
Secure initialization for detecting intrusions is disclosed. The secure initialization includes storing a behavior profile associated with an application, and reading the stored behavior profile that is cryptographically protected. The method further includes monitoring execution of the application during a bootstrapping phase of an intrusion detection system, according to the stored behavior profile. If the behavior of the application does not conform to the behavior profile, a message is issued indicating that the application is not conforming to the behavior profile. The behavior profile can be generated by a developer of the intrusion detection system, a developer of the application, and/or a third party developer. Additionally, the behavior profile is generated by executing the system on a reference computer system or by heuristic determination.
|