DocumentCode :
2373928
Title :
Monitoring Library Function-based Intrusion Prevention System with Continuing Execution Mechanism
Author :
Kato, Yudai ; Makimoto, Yuji ; Shirai, Hironori ; Shimizu, Hiromi ; Furuya, Yusuke ; Saito, Shoichi ; Matsuo, Hiroshi
Author_Institution :
Nagoya Inst. of Technol., Nagoya, Japan
fYear :
2010
fDate :
11-13 Dec. 2010
Firstpage :
548
Lastpage :
554
Abstract :
Anomaly-based Intrusion Prevention Systems have been studied to prevent zero-day attacks. However, these existing systems can't prevent mimicry attacks because of the inadequacy of monitoring accuracy. Moreover, they provide no continuity for monitored applications when they have been compromised. In this paper, we propose a novel Intrusion Prevention System named Belem that detects anomaly states by checking the ordering of library functions and has a Continuing Execution Mechanism to provide application continuity. We implemented Belem on Linux and evaluated it.
Keywords :
security of data; Belem intrusion prevention system; Linux; anomaly-based intrusion prevention systems; continuing execution mechanism; library function-based intrusion prevention system; mimicry attacks; zero-day attacks; Checkpoint; Continuing execution; Intrusion prevention system; Monitoring library function; Self-healing;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Embedded and Ubiquitous Computing (EUC), 2010 IEEE/IFIP 8th International Conference on
Conference_Location :
Hong Kong
Print_ISBN :
978-1-4244-9719-5
Electronic_ISBN :
978-0-7695-4322-2
Type :
conf
DOI :
10.1109/EUC.2010.89
Filename :
5703575
Link To Document :