Book Chapter, DOI 10.1007/3-540-36084-0_9
Learning unknown attacks - a start
J. Just, James C. Reynolds, L. Clough, Melissa Danforth, Karl Levitt, R. Maglich, Jeff Rowe +6 more
- 01 Jan 2003
- pp. 158-176
TL;DR: This system learns and blocks single-stage unknown attacks against a protected web server by searching and testing service history logs in a Sandbox after a successful attack and has an initial class-based attack generalization technique that stops web-server buffer overflow attacks.
Abstract: Since it is essentially impossible to write large-scale software without errors, any intrusion tolerant system must be able to tolerate rapid, repeated unknown attacks without exhausting its redundancy. Our system provides continued application services to critical users while under attack with a goal of less than 25% degradation of productivity. Initial experimental results are promising. It is not yet a general open solution. Specification-based behavior sensors (allowable actions, objects, and QoS) detect attacks. The system learns unknown attacks by relying on two characteristics of network-accessible software faults: attacks that exploit them must be repeatable (at least in a probabilistic sense) and, if known, attacks can be stopped at component boundaries. Random rejuvenation limits the scope of undetected errors. The current system learns and blocks single-stage unknown attacks against a protected web server by searching and testing service history logs in a Sandbox after a successful attack. We also have an initial class-based attack generalization technique that stops web-server buffer overflow attacks. We are working to extend both techniques.
Citations
Proceedings Article
N-variant systems: a secretless framework for security through diversity
Benjamin L. Cox, David Evans, Adrian Filipi, Jonathan C. Rowanhill, Wei Hu, Jack W. Davidson, John C. Knight, Anh Nguyen-Tuong, Jason D. Hiser +8 more
- 31 Jul 2006
TL;DR: The N-variant systems framework is introduced, a model for analyzing security properties of N-Variant systems is presented, variations that can be used to detect attacks that involve referencing absolute memory addresses and executing injected code are defined, and performance results from a prototype implementation are presented.
Patent
Systems and methods for detecting and inhibiting attacks using honeypots
Stylianos Sidiroglou, Angelos D. Keromytis, Kostas G. Anagnostakis +2 more
- 18 Apr 2006
TL;DR: In this paper, an anomaly detection component monitors the received traffic and routes the traffic either to the protected application or to a honeypot, where the honeypot shares all state information with the application.
Countering network worms through automatic patch generation
Stelios Sidiroglou, Angelos D. Keromytis +1 more
- 01 Nov 2005
TL;DR: To counter zero-day worms that exploit software flaws such as buffer overflows, this end-point architecture uses source code transformations to automatically create and test software patches for vulnerable segments of targeted applications.
Patent
Systems, methods, and media protecting a digital data processing device from attack
Stylianos Sidiroglou, Angelos D. Keromytis, Salvatore J. Stolfo +2 more
- 18 Aug 2006
TL;DR: In this paper, a method for protecting a digital data processing device from attack is provided that, within a virtual environment, receives at least one attachment to an electronic mail, executes the at least one attachment, and, based on the execution of the attachment, determines whether anomalous behavior occurs.
References
Book
Artificial Intelligence: A Modern Approach
Stuart Russell, Peter Norvig +1 more
- 01 Jan 2020
TL;DR: In this article, the authors present a comprehensive introduction to the theory and practice of artificial intelligence for modern applications, including game playing, planning and acting, and reinforcement learning with neural networks.
Book
Transaction Processing: Concepts and Techniques
Jim Gray, Andreas Reuter +1 more
- 01 Jan 1992
TL;DR: Using transactions as a unifying conceptual framework, the authors show how to build high-performance distributed systems and high-availability applications with finite budgets and risk.
Book
Secrets and Lies: Digital Security in a Networked World
Bruce Schneier
- 01 Jan 2000
TL;DR: This book argues that modern systems have so many components and connections, some of them not even known by the systems' designers, implementers, or users, that insecurities always remain, and that the world was full of bad security systems designed by people who read Applied Cryptography.
A taxonomy of computer program security flaws
TL;DR: This survey provides a taxonomy for computer program security flaws, with an Appendix that documents 50 actual security flaws that provide a good introduction to the characteristics of security flaws and how they can arise.