On preventing intrusions by process behavior monitoring

Authors: R. Sekar, Thomas F. Bowen, Mark E. Segal

Abstract: Society's increasing reliance on networked information systems to support critical infrastructures has prompted interest in making these systems survivable, so that they continue to perform their functions even in the presence of vulnerabilities that are susceptible to malicious attacks. To enable vulnerable systems to survive attacks, it is necessary to detect attacks and to isolate the failures resulting from them before they damage the system by impacting its functionality, performance or security. The key research problems in this context include:
• detecting in-progress attacks before they cause damage, as opposed to detecting them after they have succeeded;
• localizing and/or minimizing damage by isolating attacked components in real time;
• tracing the origin of attacks.
We address the detection problem by real-time event monitoring and comparison against events known to be unacceptable. Real-time detection differentiates our approach from previous work that focuses on intrusion detection through post-attack evidence analysis. We address the isolation problem by supporting the automatic initiation of reactions. Reactions are programs that we develop to respond to attacks. A reaction's primary goal is to isolate compromised components and prevent them from damaging other components. A secondary goal is to aid in tracing the attack, e.g., by providing an illusion of success to the attackers (enticing them to continue the attack) while ensuring that the attack causes no damage. Our approach is based on specifying permissible process behaviors as logical assertions on sequences of system calls together with conditions on the values of system call arguments. We compile these specifications into finite state automata for efficient runtime detection of deviations from the specified (and hence permissible) behavior. We seamlessly integrate detection and reaction by designing the specification language to also allow
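The following is an added example, not code from the paper or from the authors' system, showing the shape of the approach the abstract describes: permissible behavior written as guarded transitions over system-call names and argument conditions, compiled into a finite state automaton indexed by (state, syscall), and run over a trace of intercepted calls. Any call the automaton cannot consume is a deviation and triggers a reaction that blocks the call but reports success back to the process (the "illusion of success" mentioned above). The read-only file-server policy, the syscall names and argument shapes, the descriptor numbers, the paths and the trace are all constructed for illustration; the paper's actual specification language and interposition mechanism are not reproduced here.

```python
"""Toy process-behavior monitor: guarded syscall transitions compiled to an FSA.
Added example, not the paper's code; policy, syscall names and trace are constructed."""
import posixpath
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# A guard is a predicate over the intercepted call's argument tuple; None = any args.
Guard = Optional[Callable[[tuple], bool]]
# One specification rule: (current state, syscall name, argument guard, next state).
Rule = Tuple[str, str, Guard, str]


@dataclass(frozen=True)
class Event:
    """One intercepted system call: its name and the argument values passed."""
    syscall: str
    args: tuple = ()


class Automaton:
    """Specification compiled into a finite state automaton. Transitions are indexed
    by (state, syscall) so at runtime only the guards for the current state and the
    observed call are evaluated."""

    def __init__(self, start: str, rules: List[Rule]) -> None:
        self.start = start
        self.index: Dict[Tuple[str, str], List[Tuple[Guard, str]]] = {}
        for src, syscall, guard, dst in rules:
            self.index.setdefault((src, syscall), []).append((guard, dst))

    def step(self, state: str, ev: Event) -> Optional[str]:
        """Next state for `ev`, or None when no permissible transition matches."""
        for guard, dst in self.index.get((state, ev.syscall), []):
            if guard is None or guard(ev.args):
                return dst
        return None


@dataclass(frozen=True)
class Reaction:
    """What the reaction decided: was the call blocked, and what the process sees."""
    blocked: bool
    fake_return: int


def entice_and_block(state: str, ev: Event) -> Reaction:
    """Reaction used here: refuse to perform the deviating call (isolation) but report
    success to the process, enticing the attacker to continue while doing no damage."""
    return Reaction(blocked=True, fake_return=0)


@dataclass
class Monitor:
    """Runs the automaton over the event stream; invokes the reaction on deviation."""
    automaton: Automaton
    react: Callable[[str, Event], Reaction]
    state: str = field(init=False)
    deviations: List[str] = field(default_factory=list)
    reactions: List[Reaction] = field(default_factory=list)

    def __post_init__(self) -> None:
        self.state = self.automaton.start

    def observe(self, ev: Event) -> bool:
        """Feed one event; True if it was permissible, False if it deviated."""
        nxt = self.automaton.step(self.state, ev)
        if nxt is None:
            self.deviations.append(f"state={self.state} call={ev.syscall}{ev.args}")
            self.reactions.append(self.react(self.state, ev))
            return False  # the blocked call never happened, so the state does not advance
        self.state = nxt
        return True


# ---- Constructed policy for a hypothetical read-only file server ----------------
SOCK_FD = 4  # constructed: the descriptor on which the server answers its client


def under_served_root(args: tuple) -> bool:
    """Argument condition: open() only read-only paths below /srv/ftp/, normalised
    first so that '..' components cannot escape the served directory."""
    path, mode = args
    return mode == "r" and posixpath.normpath(path).startswith("/srv/ftp/")


FILE_SERVER_SPEC: List[Rule] = [
    ("idle", "accept", None, "idle"),
    ("idle", "open", under_served_root, "serving"),
    ("serving", "read", None, "serving"),
    ("serving", "write", lambda a: a[0] == SOCK_FD, "serving"),  # only to the client
    ("serving", "close", None, "idle"),
    ("idle", "exit", None, "done"),
]

# Constructed trace: one legitimate request followed by three deviations.
TRACE: List[Event] = [
    Event("accept", (SOCK_FD,)),
    Event("open", ("/srv/ftp/pub/README", "r")),
    Event("read", (5,)),
    Event("write", (SOCK_FD, b"contents")),
    Event("close", (5,)),
    Event("read", (5,)),                             # out of sequence: nothing is open
    Event("open", ("/srv/ftp/../etc/passwd", "r")),  # traversal: argument guard fails
    Event("execve", ("/bin/sh",)),                   # no transition permits this call
    Event("exit", (0,)),
]


def run_demo(trace: List[Event] = TRACE) -> Tuple[Monitor, List[bool]]:
    """Run the monitor over a trace; returns the monitor and per-event verdicts."""
    mon = Monitor(Automaton("idle", FILE_SERVER_SPEC), entice_and_block)
    return mon, [mon.observe(ev) for ev in trace]


if __name__ == "__main__":
    mon, verdicts = run_demo()
    for line in mon.deviations:
        print("deviation:", line)
    print("final state:", mon.state, "verdicts:", verdicts)
```

The three deviations in the constructed trace exercise the two kinds of assertion the abstract names: the out-of-sequence read and the execve fail because no transition exists for that call in the current state (a sequence assertion), while the traversal attempt fails only on its arguments (an argument condition). Because the reaction leaves the automaton's state unchanged, a blocked call cannot move the process into a state it was not entitled to reach, which is what keeps the enticement harmless.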
