Automated Discovery of Mimicry Attacks

Jonathon T. Giffin, Somesh Jha, Barton P. Miller
Model-based anomaly detection systems restrict program execution by a predefined model of allowed system call sequences. These systems are useful only if they detect actual attacks. Previous research developed manually constructed mimicry and evasion attacks that avoided detection by hiding a malicious series of system calls within a valid sequence allowed by the model. Our work helps to automate the discovery of such attacks. We start with two models: a program model of the application’s…
This paper has 50 citations.
