Detecting illegal system calls using a data-oriented detection model - Future Challenges in Security and Privacy for Academia and Industry
Conference paper, year: 2011

Detecting illegal system calls using a data-oriented detection model

Abstract

The most common anomaly detection mechanisms at the application level consist of detecting a deviation in the control flow of a program. A popular method for detecting such anomalies is the use of sequences of system calls issued by the application. However, such methods do not detect mimicry attacks or attacks against the integrity of system call parameters. To enhance such detection mechanisms, we propose an approach that detects, within the application, the corruption of data items that influence the system calls. This approach consists of automatically building a data-oriented behaviour model of an application by static analysis of its source code. The proposed approach is illustrated on various examples, and an injection method is applied experimentally to obtain an approximation of the detection coverage of the generated mechanisms.
Main file

ifipsec2011.pdf (177.05 KB) Download the file
Origin: Files produced by the author(s)

Dates and versions

hal-00657971, version 1 (09-01-2012)

Cite

Jonathan-Christofer Demay, Frédéric Majorczyk, Eric Totel, Frédéric Tronel. Detecting illegal system calls using a data-oriented detection model. 26th International Information Security Conference (SEC), Jun 2011, Lucerne, Switzerland. pp.305-316, ⟨10.1007/978-3-642-21424-0_25⟩. ⟨hal-00657971⟩