・Nagoya Institute of Technology Repository System is built to electronically collect, archive and offer the academic information produced by Nagoya Institute of Technology.
・The copyright and related rights of the article are held by the authors or publishers. Use beyond the limitations of rights provided by copyright law requires the consent of the copyright owner.
・Textversion "author" means the article is the author's version. The author version may differ from the publisher version in layout and wording.
Monitoring Library Function-based Intrusion Prevention System with Continuing Execution Mechanism
License
© 2010 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Anomaly-based Intrusion Prevention Systems have been studied as a way to prevent zero-day attacks. However, these existing systems cannot prevent mimicry attacks because their monitoring accuracy is inadequate. Moreover, they provide no continuity for monitored applications once those applications have been compromised. In this paper, we propose a novel Intrusion Prevention System named Belem that detects anomalous states by checking the ordering of library functions and has a Continuing Execution Mechanism to provide application continuity. We implemented Belem on Linux and evaluated it.