Automated Discovery of Mimicry Attacks

机译：自动发现模仿攻击

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

Model-based anomaly detection systems restrict program execution by a predefined model of allowed system call sequences. These systems are useful only if they detect actual attacks. Previous research developed manually-constructed mimicry and evasion attacks that avoided detection by hiding a malicious series of system calls within a valid sequence allowed by the model. Our work helps to automate the discovery of such attacks. We start with two models: a program model of the application's system call behavior and a model of security-critical operating system state. Given unsafe OS state configurations that describe the goals of an attack, we then find system call sequences allowed as valid execution by the program model that produce the unsafe configurations. Our experiments show that we can automatically find attack sequences in models of programs such as wu-ftpd and passwd that previously have only been discovered manually. When undetected attacks are present, we frequently find the sequences with less than 2 seconds of computation.

机译：基于模型的异常检测系统通过允许的系统调用序列的预定义模型来限制程序执行。这些系统仅在检测到实际攻击时才有用。先前的研究开发了人工构造的模仿和规避攻击，通过在模型允许的有效序列内隐藏一系列恶意的系统调用来避免检测。我们的工作有助于自动发现此类攻击。我们从两个模型开始：应用程序的系统调用行为的程序模型和安全性至关重要的操作系统状态的模型。给定描述攻击目标的不安全OS状态配置，然后我们会找到产生不安全配置的程序模型允许作为有效执行的系统调用序列。我们的实验表明，我们可以在程序模型（例如wu-ftpd和passwd）中自动找到攻击序列，这些程序以前只是手动发现的。当出现未检测到的攻击时，我们经常发现序列少于2秒的计算时间。

著录项

来源
《International Symposium on Recent Advances in Intrusion Detection(RAID 2006); 20060920-22; Hamburg(DE)》|2006年|41-60|共20页
会议地点 Hamburg(DE)
作者
Jonathon T. Giffin; Somesh Jha; Barton P. Miller;
展开▼
作者单位

Computer Sciences Department, University of Wisconsin;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类安全保密;
关键词
IDS evaluation; model checking; attacks; model-based anomaly detection;

机译：IDS评估；模型检查；攻击基于模型的异常检测;

相似文献

外文文献
中文文献
专利

1. Automated Discovery of JavaScript Code Injection Attacks in PHP Web Applications [J] . Shashank Gupta, B.B. Gupta Procedia Computer Science . 2016,第1期

机译：在PHP Web应用程序中自动发现JavaScript代码注入攻击
2. A Novel Security Protocol Attack Detection Logic with Unique Fault Discovery Capability for Freshness Attacks and Interleaving Session Attacks [J] . Jurcut Anca, Coffey Tom, Dojen Reiner IEEE transactions on dependable and secure computing . 2019,第6期

机译：一种新颖的安全协议攻击检测逻辑，具有针对新鲜攻击和交叉会话攻击的独特故障发现能力
3. Voice Mimicry Attacks Assisted by Automatic Speaker Verification [J] . Vestman Ville, Kinnunen Tomi, Hautamaki Rosa Gonzalez, Computer speech and language . 2020,第Jana期

机译：自动说话人验证辅助语音模仿攻击
4. Automated Discovery of Mimicry Attacks [C] . Jonathon T. Giffin, Somesh Jha, Barton P. Miller International Symposium on Recent Advances in Intrusion Detection(RAID 2006); 20060920-22; Hamburg(DE) . 2006

机译：自动发现模仿攻击
5. Analysis and Automated Discovery of Attacks in Transport Protocols [D] . Jero, Samuel C. 2018

机译：分析和自动发现传输协议中的攻击
6. Quantifying Vocal Mimicry in the Greater Racket-Tailed Drongo: A Comparison of Automated Methods and Human Assessment [O] . Samira Agnihotri, P. V. D. S. Sundeep, Chandra Sekhar Seelamantula, -1

机译：量化大拍尾Drongo中的人声模仿：自动方法与人体评估的比较
7. Automated discovery of mimicry attacks [O] . Jonathon T. Giffin, Somesh Jha, Barton P. Miller 2006

机译：自动发现模仿攻击
8. Automated Discovery of Mimicry Attacks [R] . Giffin, J. T. , Jha, S. , Miller, B. P. 2006

机译：自动发现模仿攻击

Automated Discovery of Mimicry Attacks

摘要

著录项

相似文献

相关主题

期刊订阅