Anomalous Taint Detection

Authors:
Lorenzo Cavallaro;R. Sekar
Affiliations:
Department of Computer Science, University of California at Santa Barbara, USA;Department of Computer Science, Stony Brook University, USA
Venue:
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Year:
2008

Citing 0
Cited 2

Taint-enhanced anomaly detection

ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Runtime countermeasures for code injection attacks against C and C++ programs

ACM Computing Surveys (CSUR)

Quantified Score

Hi-index	0.00

Visualization

Abstract

We propose anomalous taint detection, an approach that combines fine-grained taint tracking with learning-based anomaly detection. Anomaly detection is used to identify behavioral deviations that manifest when vulnerabilities are exercised. Fine-grained taint-tracking is used to target the anomaly detector on those aspects of program behavior that can be controlled by an attacker. Our preliminary results indicate that the combination increases detection accuracy over either technique, and promises to offer better resistance to mimicry attacks.