Context: Program execution profiles have been extensively and successfully used in several dynamic analysis fields such as software testing and fault localization.

Objective: This paper presents a pattern-matching approach implemented as an application-based intrusion (and failure) detection system that operates on signatures generated from execution profiles. Such signatures are not descriptions of exploits, i.e. they do not depend on the syntax or semantics of the exploits; instead, they are descriptions of program events that correlate with the exploitation of program vulnerabilities.

Method: A vulnerability exploit is generally correlated with the execution of a combination of program elements, such as statements, branches, and definition-use pairs. In this work we first analyze the execution profiles of a vulnerable application to identify such suspicious combinations, then define signatures that describe them, and finally deploy these signatures within an intrusion detection system that performs online signature matching.

Results: To evaluate our approach, which is also applicable to online failure detection, we implemented it for the Java platform and applied it to seven open-source applications containing 30 vulnerabilities/defects for the purpose of the online detection of attacks/failures. Our results showed that our approach worked very well for 26 vulnerabilities/defects (86.67%) and the overhead imposed by the system is somewhat acceptable as it varied from 46% to 102%. The exhibited average rates of false negatives and false positives were 0.43% and 1.03%, respectively.

Conclusion: Using profile-based signatures for online intrusion and failure detection was shown to be effective.
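The Method step of the abstract can be illustrated with a small sketch. This is an added example, not the paper's implementation (which targets Java): it mines combinations of program elements from labelled execution profiles and matches them online against an event stream. The profiles, the element names, and the selection rule (a minimal combination present in every attack run and in no benign run) are assumptions made for illustration.

```python
from itertools import combinations

# Constructed profiles: elements covered by one run (s = statement, b = branch,
# du = definition-use pair) and whether the run was labelled an attack.
TRAINING = [
    ({"s1", "s2", "b1"}, False),
    ({"s1", "s3", "b2", "du1"}, False),
    ({"s1", "s2", "b2"}, False),
    ({"s2", "b2", "du1", "s4"}, True),
    ({"s1", "s2", "b2", "du1"}, True),
]

def mine_signatures(runs, max_size=3):
    """Minimal element combinations seen in every attack run and no benign run."""
    attacks = [p for p, bad in runs if bad]
    benign = [p for p, bad in runs if not bad]
    if not attacks:
        return []
    common = set.intersection(*attacks)
    signatures = []
    for size in range(1, max_size + 1):
        for combo in combinations(sorted(common), size):
            c = frozenset(combo)
            covered = any(sig <= c for sig in signatures)  # smaller signature exists
            if not covered and not any(c <= p for p in benign):
                signatures.append(c)
    return signatures

class OnlineMatcher:
    """Tracks, per signature, which elements have not been executed yet."""
    def __init__(self, signatures):
        self.pending = {sig: set(sig) for sig in signatures}

    def observe(self, element):
        """Feed one executed element; return the signatures it completes."""
        fired = []
        for sig, missing in self.pending.items():
            if element in missing:
                missing.discard(element)
                if not missing:
                    fired.append(sig)
        return fired

def first_alert(signatures, trace):
    """Return (event index, signature) of the first match in a trace, or None."""
    matcher = OnlineMatcher(signatures)
    for i, element in enumerate(trace):
        fired = matcher.observe(element)
        if fired:
            return i, fired[0]
    return None
```

In the constructed data no single element separates attack runs from benign ones; only the pair of `s2` and `du1` does, which is why the signature is a combination rather than a single event.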