A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2011; you can also visit the original URL.
The file type is application/pdf
.
On information flow for intrusion detection
2010
Proceedings of the 2010 workshop on New security paradigms - NSPW '10
Current intrusion detection systems (IDSes) fall into two very limiting categories: appearance-based or behavior-based. These rely on specifying good vs. bad behavior in terms of patterns in the malicious input or in the trace of execution during the attack. Some successful IDS systems have specified attacks in terms of information flow and the influences data sources have on the system, but only in very limited domains such as control data attacks, and typically using information flow tracking
doi:10.1145/1900546.1900551
dblp:conf/nspw/Al-SalehC10
fatcat:nf2yr5mvnbh45czjsrcuxbikoy