Detecting intrusions early enough can be a challenging and expensive endeavor. While intrusion detection techniques exist for many types of vulnerabilities, deploying them all to catch the small number of vulnerability exploitations that might actually exist for a given system is not cost-effective. In this paper, we present FloGuard, an on-line intrusion forensics and on-demand detector selection framework that provides systems with the ability to deploy the right detectors dynamically in a cost-effective manner when the system is threatened by an exploit. FloGuard relies on often easy-to-detect symptoms of attacks, e.g., participation in a botnet, and works backwards by iteratively deploying off-the-shelf detectors closer to the initial attack vector. The experiments using the EggDrop bot and systems with real vulnerabilities show that FloGuard can efficiently localize the attack origins even for unknown vulnerabilities, and can judiciously choose appropriate detectors to prevent them from being exploited in the future.