Remote attestation is an essential feature of Trusted Computing that allows a challenger to verify the trustworthiness of a target platform. Existing approaches to remote attestation are largely static or too restrictive. In this paper, we present a new paradigm in remote attestation that leverages recent advancements in intrusion detection systems. This new approach models an application's behavior using stochastic machine learning models. We present the idea of using sequences of system calls as a metric for our stochastic models to predict the trustworthiness of a target application. This new remote attestation technique enables detection of unknown and zero-day malware, as opposed to the known-good and known-bad classification currently in use. We detail the challenges faced in implementing this new paradigm and present empirical evidence supporting the effectiveness of our approach.