Abstract |
---|
An epidemic is malicious code running on a subset of a community, a homogeneous set of instances of an application. Syzygy is an epidemic detection framework that looks for time-correlated anomalies, i.e., divergence from a model of dynamic behavior. We show mathematically and experimentally that, by leveraging the statistical properties of a large community, Syzygy is able to detect epidemics even under adverse conditions, such as when an exploit employs both mimicry and polymorphism. This work provides a mathematical basis for Syzygy, describes our particular implementation, and tests the approach with a variety of exploits and on commodity server and desktop applications to demonstrate its effectiveness. |
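The statistical argument in the abstract (many small, individually sub-threshold divergences become a strong signal once aggregated across a large community) can be illustrated with a constructed simulation. The following is an added example, not the Syzygy implementation or the authors' code: the per-client behaviour model, the way mimicry and polymorphism are modelled as small per-instance shifts, the community size, the infected fraction and the 3-sigma thresholds are all assumptions chosen for illustration.

```python
"""Constructed simulation of community-wide anomaly aggregation.

Not the Syzygy implementation: it only illustrates the statistical
argument that summing many small, individually sub-threshold
divergences across a community turns them into a detectable signal.
Every parameter below is an assumption made for this example.
"""
import math
import random
from dataclasses import dataclass


@dataclass
class ClientModel:
    """Per-client model of one behavioural feature (assumed: mean and
    standard deviation of a request-rate-like metric per epoch)."""
    mu: float
    sigma: float

    def z_score(self, observed: float) -> float:
        return (observed - self.mu) / self.sigma


def simulate_epoch(models, infected, rng, shift_range=(0.4, 0.8)):
    """Return one constructed observation per client for a single epoch.

    infected: set of client indices running a hypothetical exploit.
    Mimicry is modelled as a small positive shift of the metric, between
    0.4 and 0.8 client-sigmas (well below a 3-sigma alarm). Polymorphism
    is modelled by drawing a different shift per instance, so no two
    infected clients diverge by the same amount.
    """
    obs = []
    for i, m in enumerate(models):
        shift = rng.uniform(*shift_range) * m.sigma if i in infected else 0.0
        obs.append(rng.gauss(m.mu + shift, m.sigma))
    return obs


def per_client_alerts(models, obs, threshold=3.0):
    """Single-host detection: flag a client only if its own divergence
    exceeds the threshold. A mimicking exploit stays below it."""
    return [i for i, (m, x) in enumerate(zip(models, obs))
            if m.z_score(x) > threshold]


def community_statistic(models, obs):
    """Community-level test statistic.

    Under the null hypothesis each z-score is ~N(0,1), so the mean of n
    of them is ~N(0, 1/n); scaling by sqrt(n) gives a standard normal
    that can be compared against the same 3-sigma threshold. A common
    shift eps across a fraction f of clients moves this statistic by
    f*eps*sqrt(n), which grows with the size of the community.
    """
    n = len(models)
    mean_z = sum(m.z_score(x) for m, x in zip(models, obs)) / n
    return mean_z * math.sqrt(n)


def epidemic_detected(models, obs, threshold=3.0):
    """One-sided test: only positive common shifts are flagged here."""
    return community_statistic(models, obs) > threshold


def build_community(n, rng):
    """Assumed heterogeneous baselines: every instance of the same
    application has its own mean and variance for the feature."""
    return [ClientModel(mu=rng.uniform(50, 150), sigma=rng.uniform(5, 15))
            for _ in range(n)]


def run_demo(n=2000, infected_fraction=0.5, seed=7):
    """Compare one clean epoch against one epoch with an epidemic."""
    rng = random.Random(seed)
    models = build_community(n, rng)
    infected = set(rng.sample(range(n), int(n * infected_fraction)))

    clean = simulate_epoch(models, set(), rng)
    attacked = simulate_epoch(models, infected, rng)
    return {
        "clean_z": community_statistic(models, clean),
        "attacked_z": community_statistic(models, attacked),
        "clean_detected": epidemic_detected(models, clean),
        "attacked_detected": epidemic_detected(models, attacked),
        # Fraction of all clients a per-host detector would flag during
        # the epidemic; expected to stay near the base false-positive rate.
        "per_client_alert_fraction": len(per_client_alerts(models, attacked)) / n,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

With the assumed parameters (2000 clients, half infected, shifts of 0.4 to 0.8 sigma) the community statistic during the epidemic lands around 13 standard deviations while the per-client detector flags well under one percent of hosts, which is indistinguishable from its normal false-positive rate. Halving the community size or the infected fraction halves the community signal, which is the dependence on "a large community" that the abstract relies on.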
Year | DOI | Venue |
---|---|---|
2010 | 10.1007/978-3-642-15512-3_19 | RAID |
Keywords | Field | DocType |
statistical property,commodity server,particular implementation,time-correlated anomaly,epidemic detection framework,community epidemic detection,mathematical basis,adverse condition,dynamic behavior,large community,desktop application,malicious code,community,polymorphism | Computer science,Computer security,Homogeneous,Syzygy (astronomy),Exploit,Adverse conditions | Conference |
Volume | ISSN | ISBN |
---|---|---|
6307 | 0302-9743 | 3-642-15511-1 |
Citations | PageRank | References |
---|---|---|
12 | 0.66 | 35 |
Authors |
---|
3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Adam J. Oliner | 1 | 715 | 51.10 |
Ashutosh V. Kulkarni | 2 | 43 | 1.96 |
Alex Aiken | 3 | 5009 | 461.41 |