Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
DSN
2006
IEEE
2006
IEEE
Accurate and Automated System Call Policy-Based Intrusion Prevention
One way to prevent control hijacking attack is to compare a network application’s run-time system calls with a pre-defined normal system call behavior model, and raise an alert upon detecting a mismatch. This paper describes a system called PAID, which can automatically derive an accurate system call pattern from the source code of an application, and use it to detect any anomalous behavior at run time with minimal overhead. Because each application’s system call pattern is directly derived from its source code, PAID never raises false positive alarms. Moreover, its false negative rate is very close to zero because PAID uses the sequence of return addresses on the user/kernel stack to uniquely identify each system call instance. Experiments on a fully operational PAID prototype show that PAID can indeed stop all known control hijacking attacks. The run-time latency and throughput penalty of PAID are under 13.02%
Real-time TrafficComputer Networks | Control Hijacking Attacks | DSN 2006 | Operational Paid Prototype | Source Code |
| Added | 11 Jun 2010 |
| Updated | 11 Jun 2010 |
| Type | Conference |
| Year | 2006 |
| Where | DSN |
| Authors | Lap-Chung Lam, Wei Li, Tzi-cker Chiueh |
Comments (0)
Researcher Info
|
