Abstract |
---|
Application level intrusion detection systems usually rely on the immunological approach. In this approach, the application behavior is compared at runtime with a previously learned application profile of the sequence of system calls it is allowed to emit. Unfortunately, this approach cannot detect anything but control flow violation and thus remains helpless in detecting the attacks that aim at pure application data. In this paper, we propose an approach that would enhance the detection of such attacks. Our proposal relies on a data-oriented behavioral model that builds the application profile out of dynamically extracted invariant constraints on the application data items. |

Year | DOI | Venue |
---|---|---|
2009 | 10.1007/978-3-642-03007-9_21 | DBSec |

Keywords | Field | DocType |
---|---|---|
control flow violation, intrusion detection, pure application data, application behavior, application profile, application data behavior model, application level intrusion detection, invariant constraint, behavioral model, immunological approach, application data item, control flow, intrusion detection system, behavior modeling | Application profile, Behavioral modeling, Control flow, Real-time computing, Intrusion prevention system, Anomaly-based intrusion detection system, Invariant (mathematics), Engineering, Intrusion detection system | Conference |

Volume | ISSN | Citations |
---|---|---|
5645 | 0302-9743 | 1 |

PageRank | References | Authors |
---|---|---|
0.35 | 16 | 3 |

Name | Order | Citations | PageRank |
---|---|---|---|
Olivier Sarrouy | 1 | 4 | 0.77 |
Eric Totel | 2 | 56 | 9.73 |
Bernard Jouga | 3 | 68 | 9.47 |