On Detection of Erratic Arguments

Due to the erratic nature, the value of a function argument in one normal program execution could become illegal in another normal execution context. Attacks utilizing such erratic arguments are able to evade detections as fine-grained context information is unavailable in many existing detection sc...

Bibliographic Details
Main Authors: HAN, Jin, YAN, Qiang, DENG, Robert H., GAO, Debin
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2011
Online Access: https://ink.library.smu.edu.sg/sis_research/1429
https://ink.library.smu.edu.sg/context/sis_research/article/2428/viewcontent/DetectionErraticArguments_Securecomm_2011.pdf
Institution: Singapore Management University
Record ID: sg-smu-ink.sis_research-2428
Date: 2011-09-01T07:00:00Z
Media type: application/pdf
DOI: info:doi/10.1007/978-3-642-31909-9_10
License: http://creativecommons.org/licenses/by-nc-nd/4.0/
Collection: Research Collection School Of Computing and Information Systems, InK@SMU
Content provider: SMU Libraries
Country: Singapore
Subjects: Intrusion detection; system call argument; diversity; Information Security

Description: Due to the erratic nature, the value of a function argument in one normal program execution could become illegal in another normal execution context. Attacks utilizing such erratic arguments are able to evade detection, as fine-grained context information is unavailable in many existing detection schemes. In order to obtain such fine-grained context information, a precise model of the internal program states has to be built, which is impractical, especially when monitoring a closed-source program alone. In this paper, we propose an intrusion detection scheme which builds on two diverse programs providing semantically-close functionality. Our model learns the underlying semantic correlation of the argument values in these programs, and consequently gains more accurate context information compared to existing schemes. Through experiments, we show that such context information is effective in detecting attacks which manipulate erratic arguments with comparable false positive rates.