Using Branch Correlation to Identify Infeasible Paths for Anomaly Detection

Using Branch Correlation to Identify Infeasible Paths for Anomaly Detection

In this paper, we propose a system called Infeasible Path Detection System (IPDS) to combat memory tampering attacks causing invalid program control flows. In our system, the compiler analyzes correlations between branches and then the analyzed information is conveyed to the runtime system. The runt...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Zhuang, Xiaotong, Zhang, Tao, Pande, Santosh
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Automata
Buffer overflow
Control systems
Decision making
Educational institutions
Hardware > Communication hardware, interfaces and storage
Hardware > Electronic design automation > High-level and register-transfer level synthesis
Hardware > Hardware test
Hardware > Hardware validation
Hardware > Robustness
Information analysis
Monitoring
Program processors
Runtime
Security
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:In this paper, we propose a system called Infeasible Path Detection System (IPDS) to combat memory tampering attacks causing invalid program control flows. In our system, the compiler analyzes correlations between branches and then the analyzed information is conveyed to the runtime system. The runtime system detects dynamic infeasible program paths by combining compiler determined information with runtime information to check the legality of the path taken during execution. IPDS achieves a zero false positive rate and can detect a high percentage of memory tampering for many attacks in which the tampering actually causes a change in control flow. Moreover, IPDS only incurs a modest amount of hardware resource and negligible performance penalty.
ISSN:1072-4451
DOI:10.1109/MICRO.2006.48