Detecting illegal system calls using a data-oriented detection model - HAL open archive
Conference paper, 2011

Detecting illegal system calls using a data-oriented detection model

Abstract

The most common anomaly detection mechanisms at the application level detect deviations of a program's control flow. A popular method to detect such anomalies is to model the application's sequences of system calls. However, such methods do not detect mimicry attacks or attacks against the integrity of system call parameters. To enhance such detection mechanisms, we propose an approach to detect, within the application, the corruption of data items that influence system calls. This approach automatically builds a data-oriented behaviour model of an application by static analysis of its source code. The proposed approach is illustrated on various examples, and an injection method is used experimentally to obtain an approximation of the detection coverage of the generated mechanisms.
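The abstract contrasts two detection models: a control-flow model based on system call sequences, which a mimicry attack slips past, and a data-oriented model that checks the data items feeding each system call. The following example is added here to make that contrast concrete; it is not the paper's code. The sequence model is built from n-grams of constructed normal traces, and the data-oriented model is hand-written to stand in for the constraints the paper derives by static analysis of the source. The toy application, its directory BASE_DIR, the traces, the `path` and `flags` data items and both attacks are assumptions made for the illustration.

```python
# Added illustration: a syscall-sequence monitor next to a data-oriented monitor,
# run over constructed traces. Not the paper's code; the data model below is
# hand-written to stand for the constraints the paper derives by static analysis.
from collections import namedtuple

# One monitored system call: its name, the argument tuple passed to the kernel,
# and a snapshot of the program data items that influenced those arguments.
Event = namedtuple("Event", "syscall args data")

BASE_DIR = "/var/app/"   # assumed: the directory the toy application serves files from
O_RDONLY = 0             # assumed: the only open(2) flag the toy application's source uses


def n_grams(syscalls, n=3):
    return {tuple(syscalls[i:i + n]) for i in range(len(syscalls) - n + 1)}


def train_sequence_model(training_traces, n=3):
    """Control-flow model: the set of syscall n-grams seen in normal runs."""
    model = set()
    for trace in training_traces:
        model |= n_grams([e.syscall for e in trace], n)
    return model


def sequence_alerts(model, trace, n=3):
    """Report n-grams in the trace that never appeared during training."""
    return sorted(n_grams([e.syscall for e in trace], n) - model)


def path_ok(value):
    # Invariant the toy source guarantees: path = BASE_DIR + a single path component.
    tail = value[len(BASE_DIR):]
    return value.startswith(BASE_DIR) and tail not in ("", ".", "..") and "/" not in tail


# Data-oriented model: for each syscall, one predicate per data item that feeds it.
# Hand-written here (assumption); in the paper such constraints come from static analysis.
DATA_MODEL = {
    "open": {"path": path_ok, "flags": lambda v: v == O_RDONLY},
}


def data_alerts(model, trace):
    """Report data items whose value violates the model before a syscall is issued."""
    alerts = []
    for e in trace:
        for item, predicate in model.get(e.syscall, {}).items():
            if item in e.data and not predicate(e.data[item]):
                alerts.append((e.syscall, item, e.data[item]))
    return alerts


def file_session(path, flags=O_RDONLY):
    """Constructed trace of the toy application serving one file."""
    return [
        Event("open", (path, flags), {"path": path, "flags": flags}),
        Event("read", (3, 4096), {}),
        Event("write", (1, 4096), {}),
        Event("close", (3,), {}),
    ]


# Constructed normal runs used to train the sequence model.
TRAINING = [file_session(BASE_DIR + name) for name in ("index.html", "logo.png", "data.csv")]

# Attack 1 (constructed): the attacker corrupts the `path` variable so open(2) receives a
# different argument, but the syscall sequence is exactly the one the program always issues,
# i.e. a mimicry of normal control flow.
MIMICRY_ATTACK = file_session("/etc/shadow")

# Attack 2 (constructed): a control-flow deviation that inserts an execve(2).
CONTROL_FLOW_ATTACK = TRAINING[0][:1] + [Event("execve", ("/bin/sh",), {})] + TRAINING[0][1:]


def compare(trace):
    """Return which of the two monitors raise an alert on a trace."""
    seq_model = train_sequence_model(TRAINING)
    return {
        "sequence_model_alerts": bool(sequence_alerts(seq_model, trace)),
        "data_model_alerts": bool(data_alerts(DATA_MODEL, trace)),
    }


if __name__ == "__main__":
    for label, trace in (("normal", TRAINING[0]), ("mimicry", MIMICRY_ATTACK),
                         ("control-flow", CONTROL_FLOW_ATTACK)):
        print(label, compare(trace))
```

The mimicry trace raises nothing in the sequence model, since its n-grams are exactly those of normal runs, while the data model flags the corrupted `path` before the call is issued; the control-flow attack is the reverse case. That is why the abstract presents the data-oriented model as an enhancement of, not a replacement for, sequence-based detection.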
Main file: ifipsec2011.pdf (177.05 KB)
Origin: files produced by the author(s)

Dates and versions

hal-00657971, version 1 (09-01-2012)

License

Attribution

Identifiers

Cite

Jonathan-Christofer Demay, Frédéric Majorczyk, Eric Totel, Frédéric Tronel. Detecting illegal system calls using a data-oriented detection model. 26th International Information Security Conference (SEC), Jun 2011, Lucerne, Switzerland. pp.305-316, ⟨10.1007/978-3-642-21424-0_25⟩. ⟨hal-00657971⟩