Anil Somayaji Representation Issues in Anomaly Detection, or, The Challenge of Implementing Homeostasis Many researchers have studied the applicability of "sequence-based" methods to detecting anomalous program and network behavior. While there are some exceptions, little of this follow-on work has had the impact of the original 1996 work on sequences of system calls. This talk will discuss the design decisions involved in the original development of the "system-call sequences" idea and their subsequent evolution, with an emphasis on how this work has been used as the basis for pH (Process Homeostasis), an experimental Linux-based intrusion prevention system. The talk will conclude with a discussion of lessons learned and unsolved problems.