Unearthing Stealthy Program Attacks Buried in Extremely Long Execution Paths
| dc.contributor.author | Shu, Xiaokui | en |
| dc.contributor.author | Yao, Danfeng (Daphne) | en |
| dc.contributor.author | Ramakrishnan, Naren | en |
| dc.contributor.department | Computer Science | en |
| dc.date.accessioned | 2017-11-17T16:11:24Z | en |
| dc.date.available | 2017-11-17T16:11:24Z | en |
| dc.date.issued | 2015-10 | en |
| dc.description.abstract | Modern stealthy exploits can achieve attack goals without introducing illegal control flows, e.g., tampering with noncontrol data and waiting for the modified data to propagate and alter the control flow legally. Existing program anomaly detection systems focusing on legal control flow attestation and short call sequence verification are inadequate to detect such stealthy attacks. In this paper, we point out the need to analyze program execution paths and discover event correlations in large-scale execution windows among millions of instructions. We propose an anomaly detection approach with two-stage machine learning algorithms to recognize diverse normal call-correlation patterns and detect program attacks at both inter- and intra-cluster levels. We implement a prototype of our approach and demonstrate its effectiveness against three real-world attacks and four synthetic anomalies with less than 0.01% false positive rates and 0.1~1.3 ms analysis overhead per behavior instance (1k to 50k function or system calls). | en |
| dc.identifier.doi | https://doi.org/10.1145/2810103.2813654 | en |
| dc.identifier.uri | http://hdl.handle.net/10919/80428 | en |
| dc.language.iso | en_US | en |
| dc.publisher | ACM | en |
| dc.relation.ispartof | ACM CCS 2015 | en |
| dc.rights | In Copyright | en |
| dc.rights.uri | http://rightsstatements.org/vocab/InC/1.0/ | en |
| dc.subject | Intrusion Detection | en |
| dc.subject | Program Attack | en |
| dc.subject | Long Execution Path | en |
| dc.subject | Function Call | en |
| dc.subject | Event Correlation | en |
| dc.subject | Machine Learning | en |
| dc.title | Unearthing Stealthy Program Attacks Buried in Extremely Long Execution Paths | en |
| dc.title.serial | Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security | en |
| dc.type | Article | en |
Files
Original bundle
1 - 1 of 1
Loading...
- Name:
- YaoStealthyProgramAttacks2015.pdf
- Size:
- 608.37 KB
- Format:
- Adobe Portable Document Format
- Description: