An efficient technique for preventing mimicry and impossible paths execution attacks

Conference Proceedings of the IEEE International Performance, Computing, and Communications Conference

Volumn , Issue , 2007, Pages 418-425

  Bruschi, Danilo ^a   Cavallaro, Lorenzo ^a,b   Lanzi, Andrea ^a  

^a UNIVERSITY OF MILAN   (Italy)

^b STONY BROOK UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER OPERATING SYSTEMS; INTERFACES (COMPUTER); INTRUSION DETECTION; RESPONSE TIME (COMPUTER SYSTEMS); SERVERS; WORLD WIDE WEB;

EXECUTION ATTACKS; IMPOSSIBLE PATH EXECUTION (IPE); MIMICRY; TESTBED WEB SERVER;

COMPUTER CRIME;

EID: 36348944590     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/PCCC.2007.358922     Document Type: Conference Paper

References (13)

1. D. Bruschi, L. Cavallaro, and A. Lanzi. Syscalls Obfuscation to Prevent Automatic Mimicry. Technical report, Dipartimento di Informatica e Comunicazione, Università degli Studi di Milano, 2006.
2. M. Chew and D. Song. Mitigating Buffer Overflows by Operating System Randomization. Technical report, CMU department of computer science, 2002.
3. H. Feng, O. Kolesnikov, P. Fogla, W. Lee, and W. Gong. Anomaly Detection using Call Stack Information. IEEE Symposium on Security and Privacy, Oakland, California, 2003.
4. S. Forrest, S. A. Hofmeyr, A. Somayaji, andT. A. Longstaff. A Sense of Self for Unix Processes. In SP '96: Proceedings of the 1996 IEEE Symposium on Security and Privacy, page 120, Washington, DC, USA, 1996. IEEE Computer Society.
5. J. T. Giffin, S. Jha, and B. P. Miller. Detecting Manipulated Remote Call Streams. 11th USENIX Security Symposium, 2002.
6. S. A. Hofmeyr, S. Forrest, and A. Somayaji. Intrusion Detection Using Sequences of System Calls. Journal of Computer Security, 6(3):151-180, 1998.
7. C. Kruegel, E. Kirda, D. Mutz, W. Robertson, and G. Vigna. Automating Mimicry Attacks Using Static Binary Analysis. In Proceedings of the USENIX Security Symposium, Baltimore, MD, August 2005.
8. E. A. O. Levy. Smashing the Stack for Fun and Profit. Phrack Magazine, Volume 0x07, Issue #49, Phile 14 of 16, 1998.
9. R. Sekar, M. Bendre, D. Dhurjati, and P. Boliineni. A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors. IEEE Symposium on Security and Privacy, Oakland, California, 2001.
10. D. Wagner and D. Dean. Intrusion Detection via Static Analysis. In IEEE Symposium on Security and Privacy, Oakland, California, 2001.
11. D. Wagner and P. Soto. Mimicry Attacks on Host Based Intrusion Detection Systems. In Proc. Ninth ACM Conference on Computer and Communications Security., 2002.
12. R. N. Wojtczuk. The Advanced return-into-lib(c) Exploits: PaX Case Study. Phrack Magazine, Volume 0x0b, Issue 0x3a, Phile #0x04 of 0x0e, December 2001.
13. H. Xu, W. Du, and S. J. Chapin. Context Sensitive Anomaly Monitoring of Process Control Flow to Detect Mimicry Attacks and Impossible Paths. RAID LNCS 3224 Springer-Verlag, pages 21-38, 2004.