Proceedings Paper
RISE: Relational-Integrity-Sensitive-Encoding and data aggregation for intrusion detection
Attacks aim at exploiting vulnerabilities of a program to gain control over its execution. By analyzing the program semantics, relational integrity, and execution paths, this paper presents a relational-integrity approach to enhance the effectiveness of intrusion detection and prevention systems for malicious program traits. The basic idea is first to identify the main relational properties of program statements with respect to variables and operations such as load and store, and then to decide which relations could be checked through program statements or through guards inserted at the vulnerable points of the program. These relational statements are represented by ordered binary decision diagrams that are constructed for the entire program as well as for the overlapping code partitions. When a host-based intrusion detection system monitors the execution of a program by checking the system calls of a process or the function calls of a driver, it may generate alerts for potential exploits. This paper also addresses data aggregation of alerts by considering their attributes and various probability distribution functions, where Dempster's rule of combination is extended to aggregate data for dependent evidence as well.
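As an added illustration (not code from the paper), the sketch below applies the classical Dempster's rule of combination to two alert sources and shows why dependent evidence needs separate handling. The classical rule assumes independent sources; the paper's extension for dependent evidence is not reproduced here, and the source names and mass values are constructed for the example.

```python
from itertools import product

def combine(m1, m2):
    """Classical Dempster's rule for two mass functions on one frame.

    Each mass function maps a frozenset of hypotheses to its mass (sums to 1).
    Returns (combined mass function, conflict K). Assumes independent sources.
    """
    joint, conflict = {}, 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        common = a & b
        if common:
            joint[common] = joint.get(common, 0.0) + wa * wb
        else:
            conflict += wa * wb  # mass assigned to contradictory hypotheses
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict: sources cannot be combined")
    return {h: w / (1.0 - conflict) for h, w in joint.items()}, conflict

def belief(m, hypothesis):
    """Mass that necessarily supports the hypothesis."""
    return sum(w for h, w in m.items() if h <= hypothesis)

def plausibility(m, hypothesis):
    """Mass that does not contradict the hypothesis."""
    return sum(w for h, w in m.items() if h & hypothesis)

ATTACK, BENIGN = frozenset({"attack"}), frozenset({"benign"})
THETA = ATTACK | BENIGN  # "unknown": mass not committed to either hypothesis

# Constructed alert masses for two hypothetical monitors of the same process.
SYSCALL_ALERT = {ATTACK: 0.6, BENIGN: 0.1, THETA: 0.3}
DRIVER_ALERT = {ATTACK: 0.5, BENIGN: 0.2, THETA: 0.3}

if __name__ == "__main__":
    fused, k = combine(SYSCALL_ALERT, DRIVER_ALERT)
    print(f"conflict K={k:.2f}  Bel(attack)={belief(fused, ATTACK):.3f}  "
          f"Pl(attack)={plausibility(fused, ATTACK):.3f}")
    # Feeding the same alert in twice (fully dependent evidence) inflates
    # belief in "attack" although no new information arrived.
    doubled, _ = combine(SYSCALL_ALERT, SYSCALL_ALERT)
    print(f"single alert Bel={belief(SYSCALL_ALERT, ATTACK):.3f}, "
          f"counted twice Bel={belief(doubled, ATTACK):.3f}")
```

Combining an alert with a copy of itself raises the belief in an attack from 0.6 to about 0.82, which is the double counting that a combination rule for dependent evidence has to avoid.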