有哪些信誉好的足球投注网站Context Sensitive Anomaly Monitoring of Process Control Flow to Detect Mimicry £ Attacks a.pdf
- 1、本文档共19页,可阅读全部内容。
- 2、有哪些信誉好的足球投注网站(book118)网站文档一经付费(服务费),不意味着购买了该文档的版权,仅供个人/单位学习、研究之用,不得用于商业用途,未经授权,严禁复制、发行、汇编、翻译或者网络传播等,侵权必究。
- 3、本站所有内容均由合作方或网友上传,本站不对文档的完整性、权威性及其观点立场正确性做任何保证或承诺!文档内容仅供研究参考,付费前请自行鉴别。如您付费,意味着您自己接受本站规则且自行承担风险,本站不退款、不进行额外附加服务;查看《如何避免下载的几个坑》。如果您已付费下载过本站文档,您可以点击 这里二次下载。
- 4、如文档侵犯商业秘密、侵犯著作权、侵犯人身权等,请点击“版权申诉”(推荐),也可以打举报电话:400-050-0827(电话支持时间:9:00-18:30)。
查看更多
Context Sensitive Anomaly Monitoring of Process Control Flow to Detect Mimicry £ Attacks a
Context Sensitive Anomaly Monitoring of Process
Control Flow to Detect Mimicry Attacks and Impossible
Paths
�
Haizhi Xu, Wenliang Du, and Steve J. Chapin
Systems Assurance Institute, Syracuse University, Syracuse NY 13244, USA
hxu02, wedu, chapin @
Abstract. Many intrusions amplify rights or circumvent defenses by issuing sys-
tem calls in ways that the original process did not. Defense against these attacks
emphasizes preventing attacking code from being introduced to the system and
detecting or preventing execution of the injected code. Another approach, where
this paper fits in, is to assume that both injection and execution have occurred,
and to detect and prevent the executing code from subverting the target system.
We propose a method using waypoints: marks along the normal execution path
that a process must follow to successfully access operating system services. Way-
points actively log trustworthy context information as the program executes, al-
lowing our anomaly monitor to both monitor control flow and restrict system call
permissions to conform to the legitimate needs of application functions. We de-
scribe our design and implementation of waypoints and present results showing
that waypoint-based anomaly monitors can detect a subset of mimicry attacks and
impossible paths.
Keywords: anomaly detection, context sensitive, waypoint, control flow monitoring, mimicry
attacks, impossible paths
1 Introduction
Common remote attacks on computer systems have exploited implementation errors to
inject code into running processes. Buffer overflow attacks are the best-known example
of this type of attacks. For years, people have been working on preventing, detecting,
and tolerating these attacks [1–13]. Despite these efforts, current systems are not secure.
Attackers frequently find new vulnerabilities and quickly develop adaptive methods that
circumvent security mechanisms.
Host-based defense can take place at one of three stages: preventing code injection,
preve
您可能关注的文档
- Characterization of PM2.5 in the ambientair of Shanghaicity by analyzingindividualparticles.pdf
- Characterizations of essential ideals as operator modules over C-algebras.pdf
- Characterizing packet audio streams from internet multimedia applications.pdf
- Charge amplification concepts for direction-sensitive dark matter detectors.pdf
- Charge carriers of different origin in cuprates as revealed by experiment.pdf
- Charge collective modes in an incommensurately modulated cuprate.pdf
- Charge exchange for medium energy He and Ne ions in a large-angle collision at solid surfaces.pdf
- Charge transport along the c-axis in high-T_c cuprates.pdf
- Charge-sensitive TCP and rate control in the internet.pdf
- Charmless 2- and 3-body B decays and the angle alpha (phi2).pdf
文档评论(0)