Proceedings Article, DOI: 10.1109/EUC.2010.89
Monitoring Library Function-based Intrusion Prevention System with Continuing Execution Mechanism
Yudai Kato, Yuji Makimoto, Hironori Shirai, Hiromi Shimizu, Yusuke Furuya, Shoichi Saito, Hiroshi Matsuo
- 11 Dec 2010
- pp 548-554
TL;DR: A novel Intrusion Prevention System named Belem is proposed that detects anomaly states by checking the ordering of library functions and has a Continuing Execution Mechanism to provide application continuity.
Abstract: Anomaly-based Intrusion Prevention Systems have been studied to prevent zero-day attacks. However, these existing systems can't prevent mimicry attacks because of the inadequacy of monitoring accuracy. Moreover, they provide no continuity for monitored applications when they have been compromised. In this paper, we propose a novel Intrusion Prevention System named Belem that detects anomaly states by checking the ordering of library functions and has a Continuing Execution Mechanism to provide application continuity. We implemented Belem on Linux and evaluated it.