Proceedings Paper

RISE: Relational-Integrity-Sensitive-Encoding and data aggregation for intrusion detection
Author(s): Hasan Cam

Paper Abstract

Attacks aim at exploiting vulnerabilities of a program to gain control over its execution. By analyzing the program semantics, relational integrity, and execution paths, this paper presents a relational-integrity approach to enhance the effectiveness of intrusion detection and prevention systems for malicious program traits. The basic idea is first to identify the main relational properties of program statements with respect to variables and operations such as load and store, and then to decide which relations could be checked through program statements or through guards inserted at the vulnerable points of the program. These relational statements are represented by ordered binary decision diagrams that are constructed for the entire program as well as for the overlapping code partitions. When a host-based intrusion detection system monitors the execution of a program by checking the system calls of a process or the function calls of a driver, it may generate alerts for potential exploits. This paper also addresses data aggregation of alerts by considering their attributes and various probability distribution functions, where Dempster's rule of combination is extended to aggregate data for dependent evidence as well.

Paper Details

Date Published: 29 May 2012
PDF: 14 pages
Proc. SPIE 8408, Cyber Sensing 2012, 840809 (29 May 2012); doi: 10.1117/12.919343
Hasan Cam, U.S. Army Research Lab. (United States)

Published in SPIE Proceedings Vol. 8408:
Cyber Sensing 2012
Igor V. Ternovskiy; Peter Chin, Editor(s)
