Anomalous path detection with hardware support

CASES 2005: International Conference on Compilers, Architecture, and Synthesis for Embedded Systems

Volumn , Issue , 2005, Pages 43-54

  Zhang, Tao ^a   Zhuang, Xiaotong ^a   Pande, Santosh ^a   Lee, Wenke ^a  

^a Georgia Institute of Technology   (United States)

Author keywords

Anomalous Path; Anomaly Detection; Control Flow Monitoring; Hardware Support; Monitoring Granularity

Indexed keywords

COMPUTER HARDWARE; COMPUTER SOFTWARE; REAL TIME SYSTEMS;

ANOMALOUS PATH; ANOMALY DETECTION; CONTROL FLOW MONITORING; HARDWARE SUPPORT;

EMBEDDED SYSTEMS;

EID: 29144462647     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1086297.1086305     Document Type: Conference Paper

References (26)

1. Allen Householder, Kevin Houle, and Chad Dougherty, "Computer Attack Trends Challenge Internet Security", IEEE security and Privacy, Apr. 2002.
2. S. Forrest, S. A. Hofmeyr, A. Somayaji, T. A. Longstaff, "A Sense of Self for Unix Processes," In Proceedings of the 1996 IEEE Symposium on Security and Privacy, 1996.
3. D. Wagner, D. Dean, "Intrusion Detection via Static Analysis," In Proceedings of the 2001 IEEE Symposium on Security and Privacy, 2001.
4. R. Sekar, M. Bendre, D. Dhurjati, P. Bollineni, "A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors," In Proceedings of the 2001 IEEE Symposium on Security and Privacy, 2001.
5. Henry Hanping Feng, Oleg M. Kolesnikov, Prahlad Fogla, Wenke Lee, Weibo Gong, "Anomaly Detection Using Call Stack Information," IEEE Symposium on Security and Privacy, May, 2003.
6. Henry H. Feng, Jonathon T. Giffin, Yong Huang, Somesh Jha, Wenke Lee, Barton P. Miller, "Formalizing Sensitivity in Static Analysis for Intrusion Detection," In Proceedings of the 2004 IEEE Symposium on Security and Privacy, 2004.
7. A.Kosoresow, S.Hofmeyr, "Intrusion Detection via System Call Traces," IEEE Software, vol. 14, pp. 24-42, 1997.
8. C. Michael, A. Ghosh, "Using Finite Automate to Mine Execution Data for Intrusion Detection: A preliminary Report", RAID 2000.
9. Debin Gao, Michael K. Reiter, Dawn Song, "On Gray-Box Program Tracking for Anomaly Detection", 13th USENIX Security Symposium, pages 103-118, August 2004
10. Debin Gao, Michael K. Reiter and Dawn Song, "Gray-Box Extraction of Execution Graphs for Anomaly Detection", the 11th ACM CCS conf., pages 318-329, October 2004.
11. C. Krügel, D. Mutz, F. Valeur, G. Vigna, "On the Detection of Anomalous System Call Arguments", In Proceedings of ESORICS 2003, pages 326-343, Norway, 2003.
12. Tao Zhang, Xiaotong Zhuang, Santosh Pande, Wenke Lee, "Hardware Supported Anomaly Detection: down to the Control Flow Level," Technical Report GIT-CERCS-04-11.
13. James R. Larus, "Whole Program Paths," PLDI 1999.
14. Y. Zhang and R. Gupta, "Timestamped Whole Program Path Representation and its Applications," PLDI 2001.
15. D. Lie, C. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. Mitchell, M. Horowitz, "Architectural Support for Copy and Tamper Resistant Software," ASPLOSIX, Nov. 2000.
16. Doug Burger and Todd M. Austin. "The SimpleScalar Tool Set Version 2.0".
17. Vlaovic, E and S. Davidson, "TAXI: Trace Analysis for X86 Interpretation", In Proc. Of 2002 IEEE International Conference on Computer Design.
18. D. Grunwald, D. Lindsay, and B. Zorn. "Static methods in hybrid branch prediction". PACT 1998. Pages: 222 - 229.
19. R. Jasper, M. Brennan, K. Williamson, B. Currier, D. Zimmerman, "Test Data Generation and Feasible Path Analysis", ISSTA 1994, pp. 95-107.
20. J. Wilander and M. Kamkar. "A comparison of publicly available tools for dynamic buffer overflow prevention". In 10th NDSSS, 2003.
21. Scut. "Exploiting format string vulnerabilities". TESO Security Group.
22. C. Cowan, S. Beattie, J. Johansen, and P. Wagle, "Point-Guard: Protecting Pointers From Buffer Overflow Vulnerabilities," Proceedings of 12th USENIX Security Symposium, Washington DC, Aug., 2003.
23. C. Cowan, C. Pu, D. Maier, J.Walpole,P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton, "StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks," 7th USENIX Security Conf., pages 63-78.
24. G.E. Suh, W. Lee, and S. Devadas, "Secure Program Execution via Dynamic Information Flow Tracking", ASPLOS 2004.
25. A.K. Ghosh, T. O'Connor, G. McGraw, "An automated approach for identifying potential vulnerabilities in software", 1998 IEEE Symposium on Security and Privacy, pp. 104-114.
26. Bochs: the Open Source IA-32 Emulation Project, http://bochs.sourceforge. net.