Handbook of Theoretical Computer Science
Handbook of Theoretical Computer Science
From Declarative Signatures to Misuse IDS
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Experiences with Specification-Based Intrusion Detection
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Reachability Analysis of Pushdown Automata: Application to Model-Checking
CONCUR '97 Proceedings of the 8th International Conference on Concurrency Theory
Detecting Manipulated Remote Call Streams
Proceedings of the 11th USENIX Security Symposium
Efficient Algorithms for Model Checking Pushdown Systems
CAV '00 Proceedings of the 12th International Conference on Computer Aided Verification
A BDD-Based Model Checker for Recursive Programs
CAV '01 Proceedings of the 13th International Conference on Computer Aided Verification
USTAT: A Real-Time Intrusion Detection System for UNIX
SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
Intrusion Detection via Static Analysis
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Synthesizing fast intrusion prevention/detection systems from high-level specifications
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Proceedings of the 12th ACM conference on Computer and communications security
Control-flow integrity principles, implementations, and applications
ACM Transactions on Information and System Security (TISSEC)
Automatically Adapting a Trained Anomaly Detector to Software Patches
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Efficient and practical control flow monitoring for program security
ASIAN'06 Proceedings of the 11th Asian computing science conference on Advances in computer science: secure software and related issues
Control-flow integrity principles, implementations, and applications
ACM Transactions on Information and System Security (TISSEC)
| Hi-index | 0.00 |
Model or specification based intrusion detection systems have been effective in detecting known and unknown host based attacks with few false alarms [12, 15] In this approach, a model of program behavior is developed either manually, by using a high level specification language, or automatically, by static or dynamic analysis of the program The actual program execution is then monitored using the modeled behavior; deviations from the modeled behavior are flagged as attacks In this paper we discuss a novel model generated using static analysis of executables (binary code) Our key contribution is a model which is precise and runtime efficient Specifically, we extend the efficient control flow graph (CFG) based program behavioral model, with context sensitive information, thus, providing the precision afforded by the more expensive push down systems (PDS) Executables are instrumented with operations on auxiliary variables, referred to as proxi variables These annotated variables allow the resulting context sensitive control flow graphs obtained by statically analyzing the executables to be deterministic at runtime We prove that the resultant model, called proxi-annotated control flow graph, is as precise as previous approaches which use context sensitive push-down models and in-fact, enhances the runtime efficiency of such models We show the flexibility of our technique to handle different variations of recursion in a program efficiently This results in better treatment of monitoring programs where the recursion depth is not pre-determined.