FLIPS: Hybrid Adaptive Intrusion Prevention

12 years 3 months ago
FLIPS: Hybrid Adaptive Intrusion Prevention
Intrusion detection systems are fundamentally passive and fail–open. Because their primary task is classification, they do nothing to prevent an attack from succeeding. An intrusion prevention system (IPS) adds protection mechanisms that provide fail–safe semantics, automatic response capabilities, and adaptive enforcement. We present FLIPS (Feedback Learning IPS), a hybrid approach to host security that prevents binary code injection attacks. It incorporates three major components: an anomaly-based classifier, a signature-based filtering scheme, and a supervision framework that employs Instruction Set Randomization (ISR). Since ISR prevents code injection attacks and can also precisely identify the injected code, we can tune the classifier and the filter via a learning mechanism based on this feedback. Capturing the injected code allows FLIPS to construct signatures for zero-day exploits. The filter can discard input that is anomalous or matches known malicious input, effec...
Michael E. Locasto, Ke Wang, Angelos D. Keromytis,
Added 28 Jun 2010
Updated 28 Jun 2010
Type Conference
Year 2005
Where RAID
Authors Michael E. Locasto, Ke Wang, Angelos D. Keromytis, Salvatore J. Stolfo
Comments (0)