An efficient technique for preventing mimicry and impossible paths execution attacks / D. Bruschi, L. Cavallaro, A. Lanzi - In: 26th IEEE International Performance Computing and Communications Conference : IPCCC 2007 : April 11-13, 2007, New Orleans, Louisiana, USA. - Piscataway : IEEE Computer Society, 2007. - ISBN 1424411386. - pp. 418-425 (Paper presented at the 27th IEEE International Performance Computing and Communications Conference : IPCCC 07, held in New Orleans in 2007).

An efficient technique for preventing mimicry and impossible paths execution attacks

D. Bruschi; L. Cavallaro (second author); A. Lanzi (last author)

2007

Abstract

In this paper we propose a new strategy for dealing with impossible path execution (IPE) and mimicry attacks in the N-gram based HIDS model. Our strategy is based on a kernel-level module which interacts with an underlying HIDS and whose main purpose is to "randomize" the sequences of system calls produced by an application, making them unpredictable to any attacker. We implemented a prototype of such a module on a Linux system in order to experimentally verify the feasibility and efficacy of our idea. The results obtained are quite encouraging; furthermore, our module turned out to be quite efficient, as it affected the performance of a testbed web server with a slowdown factor of only 5.9%.
Engineering (all)
Sector INF/01 - Computer Science
Book Part (author)
Use this identifier to cite or link to this document: https://hdl.handle.net/2434/258856
Citations
  • PMC: ND
  • Scopus: 12
  • ISI: 7