FLIPS: Hybrid Adaptive Intrusion Prevention

13 years 9 months ago

Download www.cs.dartmouth.edu

Intrusion detection systems are fundamentally passive and fail–open. Because their primary task is classiﬁcation, they do nothing to prevent an attack from succeeding. An intrusion prevention system (IPS) adds protection mechanisms that provide fail–safe semantics, automatic response capabilities, and adaptive enforcement. We present FLIPS (Feedback Learning IPS), a hybrid approach to host security that prevents binary code injection attacks. It incorporates three major components: an anomaly-based classiﬁer, a signature-based ﬁltering scheme, and a supervision framework that employs Instruction Set Randomization (ISR). Since ISR prevents code injection attacks and can also precisely identify the injected code, we can tune the classiﬁer and the ﬁlter via a learning mechanism based on this feedback. Capturing the injected code allows FLIPS to construct signatures for zero-day exploits. The ﬁlter can discard input that is anomalous or matches known malicious input, eﬀec...

Michael E. Locasto, Ke Wang, Angelos D. Keromytis,

Real-time Traffic

Code Allows Flips | Code Injection Attacks | FLIPS | RAID 2005 |

claim paper

Post Info
More Details (n/a)

Added	28 Jun 2010
Updated	28 Jun 2010
Type	Conference
Year	2005
Where	RAID
Authors	Michael E. Locasto, Ke Wang, Angelos D. Keromytis, Salvatore J. Stolfo

Comments (0)

Sciweavers

FLIPS: Hybrid Adaptive Intrusion Prevention

Code Allows Flips | Code Injection Attacks | FLIPS | RAID 2005 |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers