  • DocumentCode
    2564476
  • Title

    An Efficient Technique for Preventing Mimicry and Impossible Paths Execution Attacks

  • Author

    Bruschi, Danilo ; Cavallaro, Lorenzo ; Lanzi, Andrea

  • Author_Institution
    Dipt. di Informatica e Comunicazione, Univ. degli Studi di Milano, Milan
  • fYear
    2007
  • fDate
    11-13 April 2007
  • Firstpage
    418
  • Lastpage
    425
  • Abstract
    In this paper we propose a new strategy for dealing with the impossible path execution (IPE) and the mimicry attack in the N-gram based HIDS model. Our strategy is based on a kernel-level module which interacts with an underlying HIDS and whose main scope is to "randomize" sequences of system calls produced by an application to make them unpredictable by any attacker. We implemented a prototype of such a module on a Linux system in order to experimentally verify the feasibility and efficacy of our idea. The results obtained are quite encouraging; furthermore, it turned out that our module is quite efficient, as it affected the performance of a testbed Web server with a slowdown factor of only 5.9%.
  • Keywords
    Internet; Linux; security of data; telecommunication security; HIDS; Linux system; Web server; host intrusion detection system; impossible paths execution attack prevention; mimicry prevention; slowdown factor; Counting circuits; Flow graphs; Information filtering; Information filters; Intrusion detection; Linux; Monitoring; Prototypes; Testing; Web server;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Performance, Computing, and Communications Conference, 2007. IPCCC 2007. IEEE Internationa
  • Conference_Location
    New Orleans, LA
  • ISSN
    1097-2641
  • Print_ISBN
    1-4244-1138-6
  • Electronic_ISBN
    1097-2641
  • Type

    conf

  • DOI
    10.1109/PCCC.2007.358922
  • Filename
    4197958