DocumentCode :
1955028
Title :
Intrusion detection using signatures extracted from execution profiles
Author :
El-Ghali, Marwa ; Masri, Wes
Author_Institution :
Dept. of Electr. & Comput. Eng., American Univ. of Beirut, Beirut
fYear :
2009
fDate :
19-19 May 2009
Firstpage :
17
Lastpage :
24
Abstract :
An application-based intrusion detection system is a security mechanism designed to detect malicious behavior that could compromise the security of a software application. Our aim is to develop such a system that operates on signatures extracted from execution profiles. These signatures are not descriptions of exploits, but instead are descriptions of the program conditions that lead to the exploitation of software vulnerabilities, i.e., they depend on the structure of the vulnerabilities themselves. A program vulnerability is generally induced by the execution of a combination of program statements. In this work we first analyze the execution profiles of a subject application in order to identify such suspicious combinations and consequently extract and define their corresponding signatures. Then, we insert probes in select locations in the application to enable online signature matching. To evaluate our technique, we implemented it for Java programs and applied it to Tomcat 3.0 in order to detect well-known attacks. Our results were promising, as no false negatives and a maximum of 4.5% false positives were observed, and the runtime overhead was less than 5%.
Keywords :
Java; digital signatures; program diagnostics; security of data; Java programs; Tomcat 3.0; execution profiles; intrusion detection system; malicious behavior; online signature matching; program analysis; program statements; security mechanism; signature extraction; software security; software vulnerability; Application software; Computer security; Computerized monitoring; Conferences; Databases; Intrusion detection; Java; Pattern matching; Probes; Runtime;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Software Engineering for Secure Systems, 2009. SESS '09. ICSE Workshop on
Conference_Location :
Vancouver, BC
Print_ISBN :
978-1-4244-3725-2
Type :
conf
DOI :
10.1109/IWSESS.2009.5068454
Filename :
5068454