Generating profile-based signatures for online intrusion and failure detection

Information and Software Technology

Volumn 56, Issue 2, 2014, Pages 238-251

  Masri, Wes ^a   Abou Assi, Rawad ^a   El Ghali, Marwa ^a  

^a AMERICAN UNIVERSITY OF BEIRUT   (Lebanon)

Author keywords

Application based intrusion detection; Combinations of program elements; Genetic algorithm; Online failure detection; Profile based signatures; Vulnerability based signatures

Indexed keywords

FAULT LOCALIZATION; INTRUSION DETECTION SYSTEMS; ONLINE FAILURE DETECTIONS; PROFILE-BASED SIGNATURES; PROGRAM ELEMENTS; PROGRAM EXECUTION PROFILE; PROGRAM VULNERABILITY; VULNERABILITY-BASED SIGNATURES;

APPLICATION PROGRAMS; GENETIC ALGORITHMS; INTRUSION DETECTION; SEMANTICS; SOFTWARE TESTING;

JAVA PROGRAMMING LANGUAGE;

EID: 84889882586     PISSN: 09505849     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.infsof.2013.09.004     Document Type: Article

References (61)

1. R. Abou-Assi, W. Masri, Identifying failure-correlated dependence chains, in: First International Workshop on Testing and Debugging, TeBug/ICST 2011, Berlin, March 2011.
2. R. Agrawal, T. Imielinski, A. Swami, Mining association rules between sets of items in large databases, in: Proceedings of the ACM SIGMOD Conference on Management of Data, 1993, pp. 207-216.
3. Taweesup Apiwattanapong, Alessandro Orso, Mary Jean Harrold: Efficient and precise dynamic impact analysis using execute-after sequences, ICSE, 2005, pp. 432-441.
4. Appendices: < http://webfea.fea.aub.edu.lb/fea/wm13/Appendix-A-D.pdf > < http://webfea.fea.aub.edu.lb/fea/wm13/Appendix-E.zip >.
5. P. Bodik, G. Friedman, L. Biewald, Combining visualization and statistical analysis to improve operator confidence and efficiency for failure detection and localization, in: Proceedings of Second Int'l Conf. Autonomic Computing (ICAC '05), June 2005, pp. 89-100.
6. D. Brumley, J. Newsome, D. Song, H. Wang, S. Jha, Towards automatic generation of vulnerability-based signatures, in: Proceedings of the 2006 IEEE Symposium on Security and Privacy, Berkeley, California, USA, May 2006, pp. 2-16. (Pubitemid 44753708)
7. D. Brumley, H. Wang, S. Jha, D. Song, Creating vulnerability signatures using weakest preconditions, in: Proceedings of the 20th IEEE Computer SecurityFoundations Symposium (CSF '07), Venice, Italy, July 2007.
8. A. Chaturvedi, S. Bhaktar, R. Sekar, Improving attack detection in host-based IDS by learning properties of system call arguments, in: Proceedings of the IEEE Symposium on Security and Privacy, 2005.
9. H. Chen, G. Jiang, C. Ungureanu, and K. Yoshihira Online tracking of component interactions for failure detection and localization in distributed systems IEEE Transactions on Systems, Man, and Cybernetics, Part C 37 4 2007 644 651 (Pubitemid 47061965)
10. W.W. Cohen, Fast effective rule induction, in: Machine Learning: the 12th International Conference, Lake Taho, CA, Morgan Kaufmann, 1995.
11. D.E. Denning A lattice model of secure information flow Communications of the ACM 19 5 May 1976 236 242
12. Hyunsook Do, Sebastian Elbaum, and Gregg Rothermel Supporting controlled experimentation with testing techniques: an infrastructure and its potential impact Empirical Software Engineering 10 4 2005 405 435 (Pubitemid 41408554)
13. M. El-Ghali, W. Masri, Intrusion detection using signatures extracted from execution profiles, in: 5th International Workshop on Software Engineering for Secure Systems, SESS, Vancouver, Canada, 2009.
14. M.D. Ernst, J. Cockrell, W.G. Griswold, and D. Notkin Dynamically discovering likely program invariants to sup-port program evolution IEEE Transactions on Software Engineering 27 2 2001 99 123 (Pubitemid 32254259)
15. H. Feng, O. Kolesnikov, P. Fogla, W. Lee, W. Gong, Anomaly detection using call stack information, in: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, USA, May 2003, p. 62.
16. S. Forrest, S. Hofmeyr, A. Somayaji, T. Longstaff, A sense of self for Unix processes, in: Proceedings of the 1996 IEEE Symposium on Security and Privacy, Los Alamitos, CA, USA, May 1996, pp. 120-128.
17. J. Giffin, S. Jha, B. Miller, Automated discovery of mimicry attacks, in: Proceedings of the 9th International Symposium on Recent Advances in Intrusion Detection (RAID '06), Hamburg, Germany, September 2006, pp. 41-60. (Pubitemid 44617846)
18. Todd L. Graves, Mary Jean Harrold, Jung-Min Kim, and Adam A. Porter Gregg Rothermel: an empirical study of regression test selection techniques ACM Transactions on Software Engineering and Methodology 10 2 2001 184 208 (Pubitemid 33602334)
19. D. Jackson, E. Rollins, Chopping: a generalization of slicing, in: Proceedings of the Second ACM SIGSOFT Symposium on the Foundations of, Software Engineering, 1994.
20. J. Jones, M.J. Harrold, J. Stasko, Visualization of test information to assist fault localization, in: Proceedings of the 24th International Conference on Software Engineering, Orlando, Florida, USA, May 2002, pp. 467-477. (Pubitemid 35009133)
21. D.-K. Kang, D. Fuller, V. Honavar, Learning classifiers for misuse and anomaly detection using a bag of system calls representation, in: Proceedings of 6th IEEE Systems Man and Cybernetics Information Assurance Workshop (IAW), 2005.
22. H. Kim, B. Karp, Autograph: toward automated, distributed worm signature detection, in: Proceedings of the 13th USENIX Security Symposium, CA, 2004, pp. 271-286.
23. C. Kruegel, D. Mutz, F. Valeur, G. Vigna, On the detection of anomalous system call arguments, in: Proceedings of the 8th European Symposium on Research in Computer Security, Gjovik, Norway, October 2003, pp. 326-343.
24. W. Lee, S.J. Stolfo, Data mining approaches for intrusion detection, in: Proceedings of the 7th USENIX Security Symposium, San Antonio, TX, January 1998.
25. W. Lee, S.J. Stolfo, K.W. Mok, A data mining framework for building intrusion detection models, in: Proceedings of the 1999 IEEE Symposium on Security and Privacy, IEEE Computer Society, Los Alamitos, CA, 1999, pp. 120-132.
26. David Leon, Andy Podgurski, Lee J. White, Multivariate visualization in observation-based testing, in: Proceedings of the 2000 International Conference on Software Engineering, pages 116-125, New York, NY, USA, 2000, ACM.
27. Z. Li, M. Harman, and R.M. Hierons Search algorithms for regression test case prioritization IEEE Transactions on Software Engineering 33 4 2007 225 237 (Pubitemid 46523213)
28. G. Liepins, H.S. Vaccaro, Anomaly detection: purpose and framework, 12th National Computer Security Conference, Baltimore, 1989, pp. 495-504.
29. R. Lippmann, J.W. Haines, D.J. Fried, J. Korba, K. Das, Analysis and results of the 1999 DARPA off-line intrusion detection evaluation, in: Proceedings of Recent Advances in Intrusion Detection, LNCS, Springer, Toulouse, France, 2000, 162-18.
30. D. Lorenzoli, L. Mariani, M. Pezze, Towards self-protecting enterprise applications, in: Proceedings of the 18th IEEE International Symposium on Software Reliability (ISSRE '07), Trollhättan, Sweden, November 2007.
31. H. Mannila, H. Toivonen, A.I. Verkamo, Discovering frequent episodes in sequences, in: Proceedings of the 1st International Conference on Knowledge Discovery in Databases and Data Mining, Montreal, Canada, August 1995.
32. M. Martin, B. Livshits, M. Lam, Finding application errors and security flaws using PQL: a Program Query Language, 20th ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, CA, 2005, pp. 365-383.
33. Steve McConnell Code Complete second ed. 2004 Microsoft Press
34. W. Masri Fault localization based on information flow coverage Software Testing, Verification and Reliability. 20 2 2010 121 147
35. W. Masri Exploiting the empirical characteristics of program dependences for improved forward computation of dynamic slice Empirical Software Engineering (ESE) 13 2008 369 399
36. W. Masri, R. Abou-Assi, Cleansing test suites from coincidental correctness to enhance fault-localization, in: Third International Conference on Software Testing, Verification and Validation, ICST 2010, Paris, April, 2010.
37. W. Masri, R. Abou-Assi, M. El-Ghali, N. Fatairi, An empirical study of the factors that reduce the effectiveness of coverage-based fault localization, International Workshop on Defects in Large Software Systems, DEFECTS, Chicago, IL, 2009.
38. W. Masri, R. Abou Assi, F. Zaraket, N. Fatairi, Enhancing Fault Localization via Multivariate Visualization, Regression/ICST 2012, Montreal, Canada, April 2012.
39. W. Masri, M. El-Ghali, Test case filtering and prioritization based on coverage of combinations of program elements, in: Seventh International Workshop on Dynamic Analysis, WODA, Chicago, IL, 2009.
40. W. Masri, and H. Halabi An algorithm for capturing variables dependences in test suites Journal of Systems and Software (JSS) 84 7 2011 1171 1190
41. W. Masri, and A. Podgurski Application-based anomaly intrusion detection with dynamic information flow analysis Computers & Security 27 2008 176 187
42. W. Masri, and A. Podgurski Algorithms and tool support for dynamic information flow analysis Information and Software Technology 51 February 2009 385 404
43. W. Masri, A. Podgurski, An empirical study of the relationship between information flow and program dependence, Fourth International Workshop on Dynamic Analysis (WODA 2006), Shanghai, China, May 2006.
44. W. Masri, and A. Podgurski Measuring the Strength of Information Flows in Programs ACM Transactions on Software Engineering and Methodology (TOSEM) 19 2 2009 Article 5, October
45. W. Masri, A. Podgurski, and D. Leon An empirical study of test case filtering techniques based on exercising information flows IEEE Transactions on Software Engineering 33 7 2007 454
46. Frederic P. Miller, Agnes F. Vandome, and John McBrewster Abandonware: Computer Software, Copyright, Office Suite, Public Domain, List of Commercial Video Games Released as Freeware 2009 Alpha Press Orphan Works
47. Darren Mutz, Fredrik Valeur, Giovanni Vigna, and Christopher Kruegel Anomalous system call detection ACM Transactions on Information and System Security 9 1 2006 61 93
48. James Newsome, David Brumley, Dawn Song, Vulnerability-specific execution filtering for exploit prevention on commodity software, in: Proceedings of the 13th Symposium on Network and Distributed System Security (NDSS '06), 2006.
49. James Newsome, Dawn Song, Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software, in: Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS '05), 2005.
50. Amjad Nusayr, and Jonathan Cook Using AOP for detailed runtime monitoring instrumentation WODA 2009 8 14
51. C. Parnin, A. Orso, Are automated debugging techniques actually helping programmers? ISSTA 2011, pp. 199-209.
52. L. Portnoy, E. Eskin, S. Stolfo, Intrusion detection with unlabeled data using clustering, in: ACM CSS Workshop on Data Mining Applied to Security (DMSA), 2001.
53. A. Sabelfeld, and A.C. Myers Language-based information-flow security IEEE Journal on Selected Areas in Communications 21 1 2003
54. K. Sen, D. Marinov, G. Agha, Cute: a concolic unit testing engine for C, in: 10th European, Software Engineering Conference, 2005.
55. Forrest Shull, Vic Basili, Barry Boehm, A. Winsor Brown, Patricia Costa, Mikael Lindvall, Dan Port, Ioana Rus, Roseanne Tesoriero, Marvin Zelkowitz, What we have learned about fighting defects, in: Proceedings of the 8th International Symposium on Software Metrics (METRICS '02), IEEE Computer Society, Washington, DC, USA, 2002.
56. A. Singh, and A.K. Gupta A hybrid heuristic for the maximum clique problem Journal of Heuristics 12 1-2 2006 5 22 (Pubitemid 43234613)
57. S. Steven, P. Chandra, B. Fleck, A. Podgurski, jRapture: a capture/replay tool for observation-based testing, 2000 International Symposium on Software Testing and Analysis, Portland, Oregon, August 2000, pp.158-167.
58. D. Wagner, D. Dean, Intrusion detection via static analysis, in: Proceedings of the 2001 IEEE Symposium on Security and Privacy, Oakland, CA, USA, May 2001, pp. 156-168.
59. D. Wagner, P. Soto, Mimicry attacks on host-based intrusion detection systems, in: Proceedings of the 9th ACM Conference on Computer and Communications Security, Washington, DC, USA, November 2002, pp. 255-264.
60. H. Xu, W. Du, S. Chapin, Context sensitive anomaly monitoring of process control flow to detect mimicry attacks and impossible paths, in: Proceedings of the 7th International Symposium on Recent Advances in Intrusion Detection (RAID '04), Sophia Antipolis, France, September 2004, pp. 21-38.
61. H. Yin, D. Song, M. Egele, C. Kruegel, E. Kirda, Panorama: capturing system-wide information flow for malware detection and analysis, The 14th ACM conference on Computer and Communications Security (CCS '07), VA, November 2007, pp. 116-127.