Application-based anomaly intrusion detection with dynamic information flow analysis

Computers and Security

Volumn 27, Issue 5-6, 2008, Pages 176-187

  Masri, Wes ^a   Podgurski, Andy ^b  

^a AMERICAN UNIVERSITY OF BEIRUT   (Lebanon)

^b Case Western Reserve University   (United States)

Author keywords

Cluster filtering; Dynamic information flow analysis; Information flow anomaly detection; Intrusion detection; Profiling

Indexed keywords

COMPUTER SOFTWARE; DYNAMIC PROGRAMMING; JAVA PROGRAMMING LANGUAGE; KETONES; OPEN SYSTEMS; PROGRAM DEBUGGING; PULSATILE FLOW; RELIABILITY;

ANOMALY DETECTIONS; ANOMALY INTRUSION DETECTION; CLUSTER FILTERING; DYNAMIC INFORMATION FLOW ANALYSIS; EXECUTION REPLAY; INFORMATION FLOW ANOMALY DETECTION; INFORMATION FLOWS; INTEGRITY REQUIREMENTS; JAVA BYTE CODE PROGRAMS; NEW APPROACHES; OPEN SOURCE SYSTEMS; PROFILING; PROTOTYPE TOOLS; SECURITY VULNERABILITIES; SOFTWARE SECURITY;

INTRUSION DETECTION;

EID: 53049096535     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2008.06.002     Document Type: Article

References (38)

1. Axelsson S. Intrusion detection systems: a survey and taxonomy. Technical report 99-15 (March 2000), Department of Computer Engineering, Chalmers University
2. Axelsson S. The base-rate fallacy and the difficulty of intrusion detection. ACM Transactions on Information Systems and Security 3 3 (August 2000) 186-205
3. Chaturvedi A., Bhaktar S., and Sekar R. Improving attack detection in host-based IDS by learning properties of system call arguments. Technical report SECLAB-05-03 (July 2005), Department of Computer Science, Stony Brook University
4. Denning D.E., and Denning P.J. Certification of programs for secure information flow. Communication of the ACM 20 7 (1977) 504-513
5. Denning D.E. An intrusion detection model. IEEE Transactions on Software Engineering 13 2 (February, 1987) 222-232
6. Dickinson W, Leon D, Podgurski A. Finding failures by cluster analysis of execution profiles. In: Twenty-third international conference on software engineering, Toronto; May 2001. p. 339-48.
7. Dickinson W., Leon D., and Podgurski A. Pursuing failure: the distribution of program failures in a profile space. Tenth European software engineering conference and 9th ACM SIGSOFT symposium on the foundations of software engineering, Vienna (September 2001), ACM Press 246-255
8. Feng H., Kolesnikov O., Fogla P., Lee W., and Gong W. Anomaly detection using call stack information. IEEE Symposium on Security and Privacy (Oakland, CA) (May 2003)
9. Fenton J.S. Memoryless subsystems. The Computer Journal 17 2 (1974) 143-147
10. Forrest S., Hofmeyr S.S., Somayaji A., and Longstaff T.A. A sense of self for UNIX processes. IEEE Symposium on Security and Privacy (Los Alamitos, CA) (1996) 120-128
11. Haldar V., Chandra D., and Franz M. Practical, dynamic information-flow for virtual machines. Technical report no. 05-02 (February 2005), Department of Information and Computer Science, University of California, Irvine
12. Hofmeyr S., Forrest S., and Somayaji A. Intrusion detection using sequences of system calls. Journal of Computer Security 6 (1998) 151-180
13. Jain A.K., and Dubes R.C. Algorithms for clustering data (1988), Prentice Hall
14. Leon D, Masri W, Podgurski A. An empirical evaluation of test case filtering techniques based on exercising complex information flows. In: Twenty-seventh international conference on software engineering (St. Louis, MO); May 2005.
15. Liepins G, Vaccaro HS. Anomaly detection: purpose and framework. In: Twelfth national computer security conference (Baltimore); 1989. p. 495-504.
16. Masri W. Dynamic information flow analysis. Slicing and profiling. Ph.D. dissertation; 2004. http://softlabnet.cwru.edu.
17. Masri W, Nahas N, Podgurski A. Memorized forward computation of program slices. In: Seventeenth IEEE international symposium on software reliability engineering, ISSRE 2006. Raleigh, NC, USA; November 2006.
18. Masri W, Podgurski A, Leon D. Detecting and debugging insecure information flows. In: Fifteenth IEEE international symposium on software reliability engineering, ISSRE 2004, St. Malo, France; November 2-5, 2004.
19. Masri W, Podgurski A. Using dynamic information flow analysis to detect attacks against applications. In: 2005 Workshop on Software Engineering for Security Systems (St. Louis, MI); May 2005.
20. Masri W., Podgurski A., and Leon D. an empirical study of test case filtering techniques based on exercising information flows. IEEE Transactions on Software Engineering 33 7 (July 2007) 454
21. McCamant S, Ernst M. Quantitative information-flow tracking for C and related languages. MIT computer science and artificial intelligence laboratory technical report MIT-CSAIL-TR-2006-076 (Cambridge, MA); November 17, 2006.
22. McCamant S, Ernst M. A simulation-based proof technique for dynamic information flow. In: ACM SIGPLAN workshop on programming languages and analysis for security (San Diego, Calfornia, USA); June 14, 2007.
23. McMaster S, Memon A. Call stack coverage for test suite reduction. In: Twenty-first international conference on software maintenance, Butapest, Hungary; September 2005.
24. Newsome J, Song DX. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In: Twelfth network and distributed system security symposium, San Diego, California; February 2005.
25. Orso A, Kennedy B. Selective capture and replay of program executions. In: 2005 Workshop on dynamic analysis (St. Louis); May 2005.
26. Perl.org. The perl directory, .
27. Steven S, Chandra P, Fleck B, Podgurski A. jRapture: a capture/replay tool for observation-based testing. In: 2000 international symposium on software testing and analysis (Portland, Oregon); August 2000. p. 158-67.
28. Suh GE, Lee J, Devadas S. Secure program execution via dynamic information flow tracking. In: Eleventh international conference on architectural support for programming languages and operating systems (Boston, MA); 2004.
29. Tallam S., and Gupta R. Unified control flow and data dependence traces. ACM Transactions on Architecture and Code Optimization 4 3 (2007)
30. Tan K, Killourhy K, Maxion R. Undermining an anomaly-based intrusion detection system using common exploits. In: Fifth international symposium on recent advances in intrusion detection (Zurich); October 2002.
31. The Byte Code Engineering Library (BCEL). The Apache Jakarta project (2003), Apache Software Foundation. http://jakarta.apache.org/bcel
32. Vachharajani N, Bridges M, Chang J, Rangan R, Ottoni G, Blome J, Reis G, Vachharajani M, August D. RIFLE: an architectural framework for user-centric information-flow security. In: Proceedings of the 37th international symposium on microarchitecture (MICRO); December 2004.
33. Vogt P, Nentwich F, Jovanovic N, Kruegel C, Kirda E, Vigna G. Cross site scripting prevention with dynamic data tainting and static analysis. In: Fourteenth annual network and distributed system security symposium (NDSS 2007), San Diego, CA; February 2007.
34. Wagner D, Soto P. Mimicry attacks on host-based intrusion detection systems. In: Proceedings of the ninth ACM conference on computer and communications security, Washington, D.C.; November 2002. p. 255-64.
35. Xu W., Bakhtar S., and Sekar R. A unified approach to preventing attacks exploiting a range of software vulnerabilities. Technical report SECLAB-05-05 (August 2005), Department of Computer Science, Stony Brook University
36. Zhang X., Gupta R., and Zhang Y. Cost and precision tradeoffs of dynamic data slicing algorithms. ACM Transactions on Programming Languages and Systems 27 4 (July 2005) 631-661
37. Zimmermann J., Mé L., and Bidan C. An improved reference flow control model for policy-based intrusion detection. Eighth European symposium on research in computer security (Gjøvik, Norway). Lecture notes in computer science 2808 (October 2003), Springer-Verlag
38. Zimmermann J, Mé L, Bidan C. Experimenting with a policy-based HIDS based on and information flow control model. In: Nineenteenth computer security applications conference (Las Vegas); November 2003.