Dataflow Anomaly Detection

By S. Bhatkar, A. Chaturvedi and R. Sekar

Proceedings of the 2006 IEEE Symposium on Security and Privacy

Usually intrusion detection system based on modeling behaviours of programs in terms of system call sequences focus on control flows, with little emphasis on data flow involving system call arguments. In contrast, this paper presents an intrusion detection technique that is based on learning temporal properties involving arguments of different system calls, thus capturing the flow of security-sensitive data through the program. Basically, the approach hypothesizes the flows that may be present, based on relationships observed between the parameters of different system calls. Dataflow properties are categorized into unary relations that involve properties of a single system call argument, and binary relations that involve arguments of two different system calls.

The paper can be found here.

Like this:

Be the first to like this post.

This entry was posted on November 24, 2008 at 15:08 and is filed under Systems Security with tags information flow control. You can follow any responses to this entry through the RSS 2.0 feed You can skip to the end and leave a response. Pinging is currently not allowed.

Leave a Reply Cancel reply

Enter your comment here...

Please log in using one of these methods to post your comment:

Email (Address never made public)

Name

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

Papers I have read and you should too.