{"title":"面向并发程序的自适应入侵检测系统:一种基于Petri网的方法","authors":"Jean-Baptiste Voron, Clément Démoulins, F. Kordon","doi":"10.1109/ACSD.2010.32","DOIUrl":null,"url":null,"abstract":"Intrusion detection systems (IDS) are one way to tackle the increasing number of attacks that exploit software vulnerabilities. However, the construction of such a security system is a delicate process involving: (i) the acquisition of the monitored program behavior and its storage in a compact way, (ii) the generation of a monitor detecting deviances in the program behavior. These problems are emphasized when dealing with complex or parallel programs. This paper presents a new approach to automatically generate a dedicated and customized IDS from C sources targeting multi-threaded programs. We use Petri Nets to benefit from a formal description able to compactly describe parallel behaviors. Obtained models can then be enhanced with extra requirements such as resources usage limits or temporal execution bounds by means of observers. We illustrate the benefits of our approach on a recent class of attacks targeting web servers.","PeriodicalId":169191,"journal":{"name":"2010 10th International Conference on Application of Concurrency to System Design","volume":"20 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-06-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":"{\"title\":\"Adaptable Intrusion Detection Systems Dedicated to Concurrent Programs: A Petri Net-Based Approach\",\"authors\":\"Jean-Baptiste Voron, Clément Démoulins, F. Kordon\",\"doi\":\"10.1109/ACSD.2010.32\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Intrusion detection systems (IDS) are one way to tackle the increasing number of attacks that exploit software vulnerabilities. However, the construction of such a security system is a delicate process involving: (i) the acquisition of the monitored program behavior and its storage in a compact way, (ii) the generation of a monitor detecting deviances in the program behavior. These problems are emphasized when dealing with complex or parallel programs. This paper presents a new approach to automatically generate a dedicated and customized IDS from C sources targeting multi-threaded programs. We use Petri Nets to benefit from a formal description able to compactly describe parallel behaviors. Obtained models can then be enhanced with extra requirements such as resources usage limits or temporal execution bounds by means of observers. We illustrate the benefits of our approach on a recent class of attacks targeting web servers.\",\"PeriodicalId\":169191,\"journal\":{\"name\":\"2010 10th International Conference on Application of Concurrency to System Design\",\"volume\":\"20 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-06-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"10\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 10th International Conference on Application of Concurrency to System Design\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ACSD.2010.32\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 10th International Conference on Application of Concurrency to System Design","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ACSD.2010.32","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Adaptable Intrusion Detection Systems Dedicated to Concurrent Programs: A Petri Net-Based Approach
Intrusion detection systems (IDS) are one way to tackle the increasing number of attacks that exploit software vulnerabilities. However, the construction of such a security system is a delicate process involving: (i) the acquisition of the monitored program behavior and its storage in a compact way, (ii) the generation of a monitor detecting deviances in the program behavior. These problems are emphasized when dealing with complex or parallel programs. This paper presents a new approach to automatically generate a dedicated and customized IDS from C sources targeting multi-threaded programs. We use Petri Nets to benefit from a formal description able to compactly describe parallel behaviors. Obtained models can then be enhanced with extra requirements such as resources usage limits or temporal execution bounds by means of observers. We illustrate the benefits of our approach on a recent class of attacks targeting web servers.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
