Identifying syntactic differences between two programs
Software—Practice & Experience
STATL: an attack language for state-based intrusion detection
Journal of Computer Security
Diversity against Accidental and Deliberate Faults
CSDA '98 Proceedings of the Conference on Computer Security, Dependability, and Assurance: From Needs to Solutions
Building Diverse Computer Systems
HOTOS '97 Proceedings of the 6th Workshop on Hot Topics in Operating Systems (HotOS-VI)
Review and analysis of synthetic diversity for breaking monocultures
Proceedings of the 2004 ACM workshop on Rapid malcode
SEAT: A Usable Trace Analysis Tool
IWPC '05 Proceedings of the 13th International Workshop on Program Comprehension
Measuring Various Properties of Execution Traces to Help Build Better Trace Analysis Tools
ICECCS '05 Proceedings of the 10th IEEE International Conference on Engineering of Complex Computer Systems
Anomalous system call detection
ACM Transactions on Information and System Security (TISSEC)
Techniques to simplify the analysis of execution traces for program comprehension
Techniques to simplify the analysis of execution traces for program comprehension
N-variant systems: a secretless framework for security through diversity
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
The N-Version Approach to Fault-Tolerant Software
IEEE Transactions on Software Engineering
Randomized Instruction Sets and Runtime Environments Past Research and Future Directions
IEEE Security and Privacy
Beyond Output Voting: Detecting Compromised Replicas Using HMM-Based Behavioral Distance
IEEE Transactions on Dependable and Secure Computing
Selecting and Improving System Call Models for Anomaly Detection
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Journal of Network and Computer Applications
A Systematic Survey of Program Comprehension through Dynamic Analysis
IEEE Transactions on Software Engineering
Detecting Intrusions through System Call Sequence and Argument Analysis
IEEE Transactions on Dependable and Secure Computing
A sense of self for Unix processes
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
A fault tolerance approach to computer viruses
SP'88 Proceedings of the 1988 IEEE conference on Security and privacy
OS diversity for intrusion tolerance: Myth or reality?
DSN '11 Proceedings of the 2011 IEEE/IFIP 41st International Conference on Dependable Systems&Networks
Behavioral distance measurement using hidden markov models
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Automated discovery of mimicry attacks
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Pattern-based trace correlation technique to compare software versions
AIS'12 Proceedings of the Third international conference on Autonomous and Intelligent Systems
| Hi-index | 0.00 |
Redundancy and diversity has been shown to be an effective approach for ensuring service continuity (an important requirement for autonomic systems) despite the presence of anomalies due to attacks or faults. In this paper, we focus on operating system (OS) diversity, which is useful in helping a system survive kernel-level anomalies. We propose an approach for detecting anomalies in the presence of OS diversity. We achieve this by comparing kernel-level traces generated from instances of the same application deployed on different OS. Our trace correlation process relies on the concept of trace abstraction, in which low-level system events are transformed into higher-level concepts, freeing the trace from OS-related events. We show the effectiveness of our approach through a case study, in which we selected Linux and FreeBSD as target OS. We also report on lessons learned, setting the ground for future research.