Title :
Using Branch Correlation to Identify Infeasible Paths for Anomaly Detection
Author :
Xiaotong Zhunag ; Zhang, Tao ; Pande, Santosh
Author_Institution :
IBM Thomas J. Watson Res. Center, Yorktown Heights, NY
Abstract :
In this paper, we propose a system called infeasible path detection system (IPDS) to combat memory tampering attacks causing invalid program control flows. In our system, the compiler analyzes correlations between branches and then the analyzed information is conveyed to the runtime system. The runtime system detects dynamic infeasible program paths by combining compiler determined information with runtime information to check the legality of the path taken during execution. IPDS achieves a zero false positive rate and can detect a high percentage of memory tampering for many attacks in which the tampering actually causes a change in control flow. Moreover, IPDS only incurs a modest amount of hardware resource and negligible performance penalty
Keywords :
program compilers; program control structures; program debugging; security of data; anomaly detection; branch correlation; infeasible path detection system; invalid program control flow; memory tampering attack; program compiler; runtime system; Automata; Buffer overflow; Control systems; Decision making; Educational institutions; Information analysis; Monitoring; Program processors; Runtime; Security;
Conference_Titel :
Microarchitecture, 2006. MICRO-39. 39th Annual IEEE/ACM International Symposium on
Conference_Location :
Orlando, FL
Print_ISBN :
0-7695-2732-9
DOI :
10.1109/MICRO.2006.48
