Context Sensitive Anomaly Monitoring of Process Control Flow to Detect Mimicry Attacks and Impossible Paths (PDF, 19 pages)

  • Uploaded by: l215322
  • Posted: 2017-04-06
  • File size: 202.29 KB
Context Sensitive Anomaly Monitoring of Process Control Flow to Detect Mimicry Attacks and Impossible Paths

Haizhi Xu, Wenliang Du, and Steve J. Chapin
Systems Assurance Institute, Syracuse University, Syracuse NY 13244, USA
hxu02, wedu, chapin @

Abstract. Many intrusions amplify rights or circumvent defenses by issuing system calls in ways that the original process did not. Defense against these attacks emphasizes preventing attacking code from being introduced to the system and detecting or preventing execution of the injected code. Another approach, where this paper fits in, is to assume that both injection and execution have occurred, and to detect and prevent the executing code from subverting the target system. We propose a method using waypoints: marks along the normal execution path that a process must follow to successfully access operating system services. Waypoints actively log trustworthy context information as the program executes, allowing our anomaly monitor to both monitor control flow and restrict system call permissions to conform to the legitimate needs of application functions. We describe our design and implementation of waypoints and present results showing that waypoint-based anomaly monitors can detect a subset of mimicry attacks and impossible paths.

Keywords: anomaly detection, context sensitive, waypoint, control flow monitoring, mimicry attacks, impossible paths

1 Introduction

Common remote attacks on computer systems have exploited implementation errors to inject code into running processes. Buffer overflow attacks are the best-known example of this type of attack. For years, people have been working on preventing, detecting, and tolerating these attacks [1–13]. Despite these efforts, current systems are not secure. Attackers frequently find new vulnerabilities and quickly develop adaptive methods that circumvent security mechanisms. Host-based defense can take place at one of three stages: preventing code injection, preve
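The waypoint idea from the abstract above, as an added sketch that is not code from the paper or its authors: a monitor tracks the current function through enter/exit waypoint events and checks every system call against that function's permitted set. The event format, the policy tables, the function names and the sample traces are all constructed assumptions for illustration.

```python
# Added illustration of a simplified waypoint monitor. Event format, policy
# tables, function names and traces are constructed, not taken from the paper.
CALL_GRAPH = {            # caller -> functions it may legitimately enter
    "main": {"read_config", "serve"},
    "read_config": set(),
    "serve": {"log_request"},
    "log_request": set(),
}
SYSCALL_PERMS = {         # function -> system calls it legitimately needs
    "main": {"exit"},
    "read_config": {"open", "read", "close"},
    "serve": {"accept", "read", "write", "close"},
    "log_request": {"write"},
}

def monitor(trace, entry="main"):
    """Return (index, reason) alerts for ("enter"|"exit"|"sys", name) events."""
    stack, alerts = [entry], []
    for i, (kind, name) in enumerate(trace):
        current = stack[-1]
        if kind == "enter":
            if name not in CALL_GRAPH.get(current, set()):
                alerts.append((i, f"{current} may not call {name}"))
            stack.append(name)
        elif kind == "exit":
            # An exit must match the innermost entered function; anything else
            # is a path the program's control flow could never take.
            if name != current or len(stack) == 1:
                alerts.append((i, f"exit from {name} while in {current}"))
            else:
                stack.pop()
        elif kind == "sys":
            # Context-sensitive check: the call must be needed by *this* function.
            if name not in SYSCALL_PERMS.get(current, set()):
                alerts.append((i, f"{name} not permitted in {current}"))
    return alerts

NORMAL = [("enter", "read_config"), ("sys", "open"), ("sys", "read"),
          ("sys", "close"), ("exit", "read_config"), ("enter", "serve"),
          ("sys", "accept"), ("enter", "log_request"), ("sys", "write"),
          ("exit", "log_request"), ("sys", "write"), ("exit", "serve"),
          ("sys", "exit")]
# Every call below is used somewhere in the program, so a context-free
# model accepts the sequence; log_request itself only needs write.
MIMICRY = [("enter", "serve"), ("sys", "accept"), ("enter", "log_request"),
           ("sys", "open"), ("sys", "read"), ("sys", "write")]
# Entered read_config but the exit waypoint claims to leave serve.
IMPOSSIBLE = [("enter", "read_config"), ("sys", "open"), ("exit", "serve")]

if __name__ == "__main__":
    for label, t in [("normal", NORMAL), ("mimicry", MIMICRY), ("impossible", IMPOSSIBLE)]:
        print(label, monitor(t))
```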
