Automated Discovery of Mimicry Attacks

@inproceedings{Giffin2006AutomatedDO,
  title={Automated Discovery of Mimicry Attacks},
  author={Jonathon T. Giffin and Somesh Jha and Barton P. Miller},
  booktitle={RAID},
  year={2006}
}
Model-based anomaly detection systems restrict program execution by a predefined model of allowed system call sequences. These systems are useful only if they detect actual attacks. Previous research developed manually-constructed mimicry and evasion attacks that avoided detection by hiding a malicious series of system calls within a valid sequence allowed by the model. Our work helps to automate the discovery of such attacks. We start with two models: a program model of the application’s…
This paper has 50 citations.
