Taint-Enhanced Anomaly Detection
[chapter]
2011
Lecture Notes in Computer Science
Anomaly detection identifies unusual behaviors, while fine-grained taint can filter out behaviors that do not seem controlled by attacker-provided data. ...
Our combination is very effective, detecting attack types that have been problematic for taint-based techniques, while significantly cutting down the false positives experienced by anomaly detection. ...
We present a new technique, called taint-enhanced anomaly detection (TEAD), that combines the strengths of system-call-based anomaly detection with fine-grained taint tracking. ...
doi:10.1007/978-3-642-25560-1_11
fatcat:i47aeqqekfepzbs5m3zcdc53om
A Survey on Various Malware Detection Techniques on Mobile Platform
2016
International Journal of Computer Applications
General Terms Pattern Recognition, Permission based detection Technique. ...
In this review paper, a fastidious study of the terms related to mobile malware and the techniques used for the detection of malware is done. ...
HIDS, NIDS Anomaly based Detection Android Taint-Droid: It is a system which monitors Android applications and alerts the user when sensitive data is found. ...
doi:10.5120/ijca2016909159
fatcat:vxgeajtb6bcdhjrsydwwenxeji
From Speculation to Security
2008
SIGARCH Computer Architecture News
Moreover, by decoupling mechanisms for taint tracking from security policies, SHIFT can detect a wide range of exploits, including high-level semantic attacks. ...
Based on this observation, we propose SHIFT, a low-overhead, software-based dynamic information flow tracking system to detect a wide range of attacks. ...
flow anomalies; and hardware-based systems [25, 24, 7, 8, 26] that provide architectural enhancements to improve the efficiency of information flow tracking. ...
doi:10.1145/1394608.1382156
fatcat:4rfuygu6vjgh5jmb5k7dt5ubmu
From Speculation to Security: Practical and Efficient Information Flow Tracking Using Speculative Hardware
2008
2008 International Symposium on Computer Architecture
Moreover, by decoupling mechanisms for taint tracking from security policies, SHIFT can detect a wide range of exploits, including high-level semantic attacks. ...
Based on this observation, we propose SHIFT, a low-overhead, software-based dynamic information flow tracking system to detect a wide range of attacks. ...
flow anomalies; and hardware-based systems [25, 24, 7, 8, 26] that provide architectural enhancements to improve the efficiency of information flow tracking. ...
doi:10.1109/isca.2008.18
dblp:conf/isca/ChenWYZYC08
fatcat:yjpye3xdfncgljndzhmu3jm6n4
Building an Application Data Behavior Model for Intrusion Detection
[chapter]
2009
Lecture Notes in Computer Science
In this paper, we propose an approach that would enhance the detection of such attacks. ...
Related Work Most recent application level anomaly-based intrusion detection systems rely on the immunological approach introduced by Forrest et al. [11]. This approach is ...
funded by the French DGA (General Delegation for Armament) and the French CNRS (National Center for Scientific Research) in the context of the DALI (Design and Assessment of application Level Intrusion detection ...
doi:10.1007/978-3-642-03007-9_21
fatcat:a4l44alkcfhxjhbfqzyo2vql4a
Web Anomaly Misuse Intrusion Detection Framework for SQL Injection Detection
2012
International Journal of Advanced Computer Science and Applications
In this paper we propose a framework based on misuse and anomaly detection techniques to detect SQL injection attack. ...
As a second step in the detection process, the structure of the query under observation will be compared against the legitimate queries stored in the XML file thus minimizing false positive alarms. ...
a tainted query. ...
doi:10.14569/ijacsa.2012.030321
fatcat:nt2kaelnk5dwrg4pvd53nk4t7u
CloudER
2012
Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security - ASIACCS '12
CloudER leverages an existing taint-based system (Demand Emulation) for runtime anomaly detection, employs new algorithms for software vulnerability location and patch generation, and adapts a virtual ...
The challenge is to facilitate the automatic runtime detection, location, and patching of the software vulnerability - outside the VMs and without the source code. ...
Upon the detection of a taint-based anomaly, CloudER will locate the instructions directly responsible for the anomaly and further generate a binary patch to bypass those instructions yet maintaining the ...
doi:10.1145/2414456.2414485
dblp:conf/ccs/ChenXM12
fatcat:26gepyy5rrgydnftb3qlk2v2oy
Implementation of Pattern Matching Algorithm to Defend SQLIA
2015
Procedia Computer Science
In the new system, if any form of new anomaly occurs, then a new anomaly pattern will be updated to the existing static pattern list. ...
We have proposed a detection and prevention technique for SQL Injection Attack (SQLIA) using modified Aho-Corasick pattern matching algorithm. ...
Another technique for the same uses static Anomaly Detection using Aho-Corasick Pattern matching algorithm. The anomaly SQL Queries are detected in static phase. ...
doi:10.1016/j.procs.2015.03.078
fatcat:dxsy4ifwqncvfbtftypb3jpjvu
Learning Fine-Grained Structured Input for Memory Corruption Detection
[chapter]
2012
Lecture Notes in Computer Science
We propose a fine-grained dynamic taint analysis system to detect different fields in an input and monitor the propagation of these fields, and show that deviations from the execution pattern learned signal ...
In this paper, we propose a novel approach to detect memory corruptions at the binary level. ...
instructions, and the anomaly could be captured through patterns on the input processing. ...
doi:10.1007/978-3-642-33383-5_10
fatcat:bug4wzejnnfijjcrn6aiaayfm4
A Classification of Intrusion Detection Systems in the Cloud
2015
Journal of Information Processing
This paper presents a novel classification scheme of the state-of-the-art of intrusion detection approaches in the cloud. ...
Additionally, robust IDSs need novel detection techniques to keep up with modern sophisticated attacks that target cloud environments. ...
CloudFence [36] and its enhanced design ECloudFence [37] use dynamic taint analysis to detect and prevent attacks that violate the confidentiality of data-flow in order to protect against data leakage ...
doi:10.2197/ipsjjip.23.392
fatcat:toie6prmtzfw7glfqcee3namre
Using malware for software-defined networking–based smart home security management through a taint checking approach
2016
International Journal of Distributed Sensor Networks
anomalies. ...
If an anomaly is detected, the application instructs the controller on how to reprogram the data plane to mitigate it. ...
doi:10.1177/1550147716662947
fatcat:d63ugyia3ve3hd65oe3osqzuqi
A Framework for Web Application Vulnerability Detection
2020
International Journal of Engineering and Advanced Technology
This paper has carried out the literature survey in direction of identifying the new attack vectors, vulnerabilities, detection mechanism, research gaps and new working areas in same field. ...
Hence, there is a need to develop a framework that can detect different levels of vulnerabilities, ranging from client side vulnerabilities, communication side vulnerabilities to server side vulnerabilities ...
, online anomaly behavior analysis, etc. ...
doi:10.35940/ijeat.c4778.029320
fatcat:jir2atlqffav3h5jozekw2gsum
Cyber-Physical Taint Analysis in Multi-stage Manufacturing Systems (MMS): A Case Study
[article]
2021
arXiv
pre-print
It is clear that taint graphs could significantly enhance intrusion diagnosis. ...
Taint propagation paths are typically determined by data flows and implicit flows in a computer program. And the union of all the taint propagation paths forms a taint graph. ...
In [21], a framework is proposed to generate invariants for anomaly detection in ICS. ...
arXiv:2109.12774v1
fatcat:ew7vfoppcfgcrkpx5wm7ehvsw4
Threat Detection and Investigation with System-level Provenance Graphs: A Survey
[article]
2020
arXiv
pre-print
A comprehensive provenance graph-based threat detection system can be divided into three modules, namely, "data collection module", "data management module", and "threat detection modules". ...
In this paper, we firstly introduce the basic concepts about system-level provenance graph and proposed typical system architecture for provenance graph-based threat detection and investigation. ...
However, this is an anomaly detection-based approach, which thus suffers from the limitation of anomaly detection.
2) Anomaly Score-based Detection Anomaly score-based detection tries to quantify the ...
arXiv:2006.01722v3
fatcat:ofx2geac3rggvo5kz3zenbmpvq
TaintHLS: High-Level Synthesis For Dynamic Information Flow Tracking
2018
IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
We extended a state-of-the-art HLS tool to generate DIFT-enhanced accelerators and demonstrated the approach on numerous benchmarks. ...
Untrusted data are marked with tags (tainted), which are propagated through the system and their potential for unsafe use is analyzed to prevent them. ...
Accelerators without DIFT support may compromise the tag propagation and identification of anomalies. ...
doi:10.1109/tcad.2018.2834421
fatcat:ws7b3zayfraknk2qwfyq33kana