Yudai Kato, Yuji Makimoto, Hironori Shirai, Hiromi Shimizu, Yusuke Furuya, S. Saito, H. Matsuo
{"title":"基于监控库功能的持续执行机制入侵防御系统","authors":"Yudai Kato, Yuji Makimoto, Hironori Shirai, Hiromi Shimizu, Yusuke Furuya, S. Saito, H. Matsuo","doi":"10.1109/EUC.2010.89","DOIUrl":null,"url":null,"abstract":"Anomaly-based Intrusion Prevention Systems have been studied to prevent zero-day attacks. However these existing systems can $B!G (Bt prevent mimicry attacks because of the inadequacy of monitoring accuracy. Moreover, they provide no continuity for monitored applications when they have been compromised. In this paper, we propose a novel Intrusion Prevention System named Belem that detects anomaly states by checking the ordering of library functions and has a Continuing Execution Mechanism to provide application continuity. We implemented Belem on Linux and evaluated it.","PeriodicalId":265175,"journal":{"name":"2010 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2010-12-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Monitoring Library Function-based Intrusion Prevention System with Continuing Execution Mechanism\",\"authors\":\"Yudai Kato, Yuji Makimoto, Hironori Shirai, Hiromi Shimizu, Yusuke Furuya, S. Saito, H. Matsuo\",\"doi\":\"10.1109/EUC.2010.89\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Anomaly-based Intrusion Prevention Systems have been studied to prevent zero-day attacks. However these existing systems can $B!G (Bt prevent mimicry attacks because of the inadequacy of monitoring accuracy. Moreover, they provide no continuity for monitored applications when they have been compromised. In this paper, we propose a novel Intrusion Prevention System named Belem that detects anomaly states by checking the ordering of library functions and has a Continuing Execution Mechanism to provide application continuity. We implemented Belem on Linux and evaluated it.\",\"PeriodicalId\":265175,\"journal\":{\"name\":\"2010 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-12-11\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/EUC.2010.89\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EUC.2010.89","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Monitoring Library Function-based Intrusion Prevention System with Continuing Execution Mechanism
Anomaly-based Intrusion Prevention Systems have been studied to prevent zero-day attacks. However these existing systems can $B!G (Bt prevent mimicry attacks because of the inadequacy of monitoring accuracy. Moreover, they provide no continuity for monitored applications when they have been compromised. In this paper, we propose a novel Intrusion Prevention System named Belem that detects anomaly states by checking the ordering of library functions and has a Continuing Execution Mechanism to provide application continuity. We implemented Belem on Linux and evaluated it.