• DocumentCode
    2373928
  • Title

    Monitoring Library Function-based Intrusion Prevention System with Continuing Execution Mechanism

  • Author

    Kato, Yudai ; Makimoto, Yuji ; Shirai, Hironori ; Shimizu, Hiromi ; Furuya, Yusuke ; Saito, Shoichi ; Matsuo, Hiroshi

  • Author_Institution
    Nagoya Inst. of Technol., Nagoya, Japan
  • fYear
    2010
  • fDate
    11-13 Dec. 2010
  • Firstpage
    548
  • Lastpage
    554
  • Abstract
    Anomaly-based Intrusion Prevention Systems have been studied to prevent zero-day attacks. However, these existing systems can't prevent mimicry attacks because of the inadequacy of monitoring accuracy. Moreover, they provide no continuity for monitored applications when they have been compromised. In this paper, we propose a novel Intrusion Prevention System named Belem that detects anomaly states by checking the ordering of library functions and has a Continuing Execution Mechanism to provide application continuity. We implemented Belem on Linux and evaluated it.
  • Keywords
    security of data; Belem intrusion prevention system; Linux; anomaly-based intrusion prevention systems; continuing execution mechanism; library function-based intrusion prevention system; mimicry attacks; zero-day attacks; Checkpoint; Continuing execution; Intrusion prevention system; Monitoring library function; Self-healing;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Embedded and Ubiquitous Computing (EUC), 2010 IEEE/IFIP 8th International Conference on
  • Conference_Location
    Hong Kong
  • Print_ISBN
    978-1-4244-9719-5
  • Electronic_ISBN
    978-0-7695-4322-2
  • Type

    conf

  • DOI
    10.1109/EUC.2010.89
  • Filename
    5703575