
Intrusion Detection




Presentation Transcript


  1. Intrusion Detection
     Ramiro Rodríguez
     Advisor: Prof. Emin Gün Sirer

  2. Threats
     • Applications are vulnerable to security flaws
       • E.g. buffer overflows, memory errors, etc.
     • Intruders can cause applications to misbehave
       • Cause the application to perform sequences of steps that the programmer did not intend

  3. Approach
     • Build a model of proper application behavior by examining the series of system calls issued by an application
     • Detect when applications deviate from this model

  4. General Idea
     • Create a model of what system calls a program is able to execute
     • Check the allowable system calls
     • If a system call is made by the application and is not in the model, suspend the application and sound an intruder alarm

  5. Model
     • Build a call graph
     • Nodes represent addresses
     • Edges are jumps from one address to another

  6. Functioning
     Training Phase
     • System call is made
     • If a new system call is made from a new address, add the node and edge to the graph
     Detection Phase
     • System call is made
     • Obtain application call graph
     • Check if link exists
     • If link exists, call original system call
     • Else suspend application and sound alarm
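The training and detection phases of slides 4 to 6 can be simulated in a few lines. The following is an added example written for this page, not code from the presentation; the syscall events, call-site addresses and traces are constructed. A node is an (address, syscall) pair and an edge records which call site follows which, so the graph captures the order of calls, not just the set of allowed syscalls. Detection reports an alarm instead of suspending the process, since there is no real process here.

```python
from collections import defaultdict
from dataclasses import dataclass, field

START = ("<start>", None)  # sentinel node for program entry


@dataclass(frozen=True)
class SyscallEvent:
    address: int   # code address the syscall was issued from (constructed values below)
    syscall: str   # system call name


@dataclass
class CallGraphModel:
    # nodes: (address, syscall) pairs seen during training
    nodes: set = field(default_factory=set)
    # edges: predecessor node -> set of successor nodes (jumps between call sites)
    edges: dict = field(default_factory=lambda: defaultdict(set))

    def train(self, trace):
        """Training phase: a syscall from a new address adds a node and an edge."""
        prev = START
        for ev in trace:
            node = (ev.address, ev.syscall)
            self.nodes.add(node)
            self.edges[prev].add(node)
            prev = node

    def check(self, trace):
        """Detection phase: walk the trace and verify that each link exists.
        Returns ("ok", n, None) when all n events were allowed, or
        ("alarm", i, node) for the first event whose link is missing."""
        prev = START
        for i, ev in enumerate(trace):
            node = (ev.address, ev.syscall)
            if node not in self.edges.get(prev, set()):
                # A real monitor would suspend the application here.
                return ("alarm", i, node)
            prev = node
        return ("ok", len(trace), None)


# Constructed training traces for a tiny file-copy program; addresses are made up.
TRAINING_TRACES = [
    [SyscallEvent(0x401010, "open"), SyscallEvent(0x401020, "read"),
     SyscallEvent(0x401030, "write"), SyscallEvent(0x401040, "close")],
    # A second run loops read/write twice, which adds the write -> read edge.
    [SyscallEvent(0x401010, "open"), SyscallEvent(0x401020, "read"),
     SyscallEvent(0x401030, "write"), SyscallEvent(0x401020, "read"),
     SyscallEvent(0x401030, "write"), SyscallEvent(0x401040, "close")],
]

# Constructed anomalous trace: a syscall issued from an address that was never
# a call site during training, as happens when control leaves the program's code.
ANOMALOUS_TRACE = [
    SyscallEvent(0x401010, "open"), SyscallEvent(0x401020, "read"),
    SyscallEvent(0x7FFC0000, "execve"),
]

# Constructed trace using only known call sites but in an order never trained:
# the close site reached directly after open.
UNSEEN_PATH_TRACE = [SyscallEvent(0x401010, "open"), SyscallEvent(0x401040, "close")]


def build_model(traces=TRAINING_TRACES):
    model = CallGraphModel()
    for trace in traces:
        model.train(trace)
    return model


if __name__ == "__main__":
    model = build_model()
    for name, trace in [("normal", TRAINING_TRACES[1]),
                        ("anomalous", ANOMALOUS_TRACE),
                        ("unseen path", UNSEEN_PATH_TRACE)]:
        print(name, model.check(trace))
```

Because edges are checked rather than nodes alone, the unseen-path trace raises an alarm even though both of its call sites are known; the flip side, which matters in deployment, is that any legitimate path not exercised during training also alarms, so training coverage decides the false-positive rate.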

  7. Future Work
     • Make the graph describe the parameters passed to the system call as well as the system call itself
     • Implement the system fully inside the kernel to prevent other processes from tampering with the loading process
