Probabilistic Program Modeling for High-Precision Anomaly Classification

Authors: Kui Xu, Danfeng Daphne Yao, Barbara G. Ryder, Ke Tian

DOI: 10.1109/CSF.2015.37

Keywords:

Abstract: The trend constantly observed in the evolution of advanced modern exploits is their growing sophistication in stealthy attacks. Code-reuse attacks such as return-oriented programming allow intruders to execute mal-intended instruction sequences on a victim machine without injecting external code. We introduce a new anomaly-based detection technique that probabilistically models and learns a program's control flows for high-precision behavioral reasoning and monitoring. Our prototype in Linux is named STILO, which stands for STatically InitiaLized markOv. The experimental evaluation involves real-world code-reuse exploits and over 4,000 testcases from server and utility programs. STILO achieves up to a 28-fold improvement in detection accuracy over state-of-the-art HMM-based anomaly detection. Our findings suggest that probabilistic modeling of program dependences provides a significant source of behavior information for building high-precision models for real-time system monitoring.
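To make the abstract's central idea concrete, here is an added Python sketch of a statically initialized Markov model over call events. It is illustrative code written for this page, not code from the paper or from the STILO prototype: the call graph STATIC_NEXT, the training and test traces, the class and function names, the pseudo-count prior and the threshold rule are all constructed assumptions, and the model is a plain first-order Markov chain rather than the paper's HMM-based design. What it shows is the effect the abstract describes: seeding the transition table from static control-flow knowledge lets a legitimate path that never appeared in training keep a reasonable probability, while a code-reuse-style sequence that violates the program's possible control flow is still flagged; a model trained only on observed traces raises a false positive on the rare legitimate path.

```python
import math
from collections import defaultdict

# Constructed static control-flow knowledge: for each call event, the events
# that static analysis of the (hypothetical) program says may follow it.
# Stands in for the call graph / CFG a real static initializer would use.
STATIC_NEXT = {
    "accept": {"read"},
    "read": {"parse", "close"},
    "parse": {"open", "write", "log"},
    "open": {"read", "write"},
    "write": {"close", "log"},
    "log": {"close", "read"},
    "close": {"accept"},
}

# Constructed training traces of normal behaviour. The statically legal path
# through "log" deliberately never occurs in them.
NORMAL_TRACES = [
    ["accept", "read", "parse", "open", "read", "close", "accept"],
    ["accept", "read", "parse", "write", "close", "accept"],
    ["accept", "read", "parse", "open", "write", "close", "accept"],
    ["accept", "read", "close", "accept"],
]

# Constructed test traces: a legitimate but untrained path, and a
# code-reuse-style sequence whose transitions the program cannot produce.
RARE_LEGIT_TRACE = ["accept", "read", "parse", "log", "close", "accept"]
ATTACK_TRACE = ["accept", "read", "write", "open", "close", "accept"]


class MarkovCallModel:
    """First-order Markov chain over call events (illustrative, not STILO's).

    If static_next is given, every statically possible transition starts with
    a pseudo-count of `prior`, so legitimate paths absent from the training
    data keep non-negligible probability. Transitions unknown to the model
    get the floor probability `epsilon`.
    """

    def __init__(self, static_next=None, prior=1.0, epsilon=1e-6):
        self.epsilon = epsilon
        self.counts = defaultdict(lambda: defaultdict(float))
        if static_next:
            for src, dsts in static_next.items():
                for dst in dsts:
                    self.counts[src][dst] += prior

    def train(self, traces):
        for trace in traces:
            for a, b in zip(trace, trace[1:]):
                self.counts[a][b] += 1.0

    def transition_prob(self, a, b):
        row = self.counts.get(a)
        if not row or b not in row:
            return self.epsilon
        return row[b] / sum(row.values())

    def score(self, trace):
        """Mean negative log-likelihood per transition (higher = stranger)."""
        pairs = list(zip(trace, trace[1:]))
        if not pairs:
            return 0.0
        return -sum(math.log(self.transition_prob(a, b)) for a, b in pairs) / len(pairs)

    def calibrate(self, traces, margin=2.0):
        """Threshold = worst training score plus a margin. A real deployment
        would calibrate on held-out normal traces instead of training data."""
        return max(self.score(t) for t in traces) + margin

    def is_anomalous(self, trace, threshold):
        return self.score(trace) > threshold


def compare_models():
    """Return ((rare_flagged, attack_flagged) for the statically initialized
    model, (rare_flagged, attack_flagged) for the dynamic-only model)."""
    results = []
    for static_next in (STATIC_NEXT, None):
        model = MarkovCallModel(static_next)
        model.train(NORMAL_TRACES)
        threshold = model.calibrate(NORMAL_TRACES)
        results.append((model.is_anomalous(RARE_LEGIT_TRACE, threshold),
                        model.is_anomalous(ATTACK_TRACE, threshold)))
    return tuple(results)


if __name__ == "__main__":
    static, dynamic = compare_models()
    print("statically initialized: rare path flagged=%s, attack flagged=%s" % static)
    print("dynamic-only:           rare path flagged=%s, attack flagged=%s" % dynamic)
```

The dynamic-only model assigns the floor probability to "parse -> log" and "log -> close" because it never saw them, so the rare legitimate trace scores as badly as the attack; the statically seeded model gives those edges a prior and only the attack trace, whose transitions are outside the program's control flow entirely, crosses the threshold. The pseudo-count, epsilon and margin values are arbitrary choices for the example and would have to be tuned on real traces.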

References (53)
Aditya V. Nori, Sriram K. Rajamani, Johannes Borgström, Andrew D. Gordon, Guillaume Claret, "Bayesian Inference for Probabilistic Programs via Symbolic Execution," 2012.
Job Noorman, Nick Nikiforakis, Frank Piessens, "There is safety in numbers: preventing control-flow hijacking by duplication," Nordic Conference on Secure IT Systems, pp. 105-120, 2012. DOI: 10.1007/978-3-642-34210-3_8
Jonathon T. Giffin, Somesh Jha, Barton P. Miller, "Efficient Context-Sensitive Intrusion Detection," Network and Distributed System Security Symposium (NDSS), 2004.
Martín Abadi, Mihai Budiu, Úlfar Erlingsson, Jay Ligatti, "Control-Flow Integrity: Principles, Implementations, and Applications," ACM Conference on Computer and Communications Security (CCS), 2005.
Yanzhi Dou, Kexiong Curtis Zeng, Yaling Yang, Danfeng Daphne Yao, "MadeCR: Correlation-based malware detection for cognitive radio," 2015 IEEE Conference on Computer Communications (INFOCOM), pp. 639-647, 2015. DOI: 10.1109/INFOCOM.2015.7218432
Jonathon T. Giffin, Somesh Jha, Barton P. Miller, "Detecting Manipulated Remote Call Streams," USENIX Security Symposium, pp. 61-79, 2002.
Anita K. Jones, Yu Lin, "Application intrusion detection using language library calls," Annual Computer Security Applications Conference (ACSAC), pp. 442-449, 2001. DOI: 10.1109/ACSAC.2001.991561
Piotr Mardziel, Stephen Magill, Michael Hicks, Mudhakar Srivatsa, "Dynamic enforcement of knowledge-based security policies using probabilistic abstract interpretation," Journal of Computer Security, vol. 21, pp. 463-532, 2013. DOI: 10.3233/JCS-130469
Rajeev Gopalakrishna, Eugene H. Spafford, Jan Vitek, "Efficient intrusion detection using automaton inlining," IEEE Symposium on Security and Privacy, pp. 18-31, 2005. DOI: 10.1109/SP.2005.1
Caroline Tice, Tom Roeder, Peter Collingbourne, Stephen Checkoway, Úlfar Erlingsson, Luis Lozano, Geoff Pike, "Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM," USENIX Security Symposium, pp. 941-955, 2014.