On the Detection of Exploitation of Vulnerabilities Leading to the Execution of a Malicious Code

2020, Vol 27 (2), pp. 138-151
Author(s): Yury V. Kosolapov

Software protection from exploitation of possible unknown vulnerabilities can be performed both by searching (for example, using symbolic execution) and subsequent elimination of the vulnerabilities and by using detection and/or intrusion prevention systems. In the latter case, this problem is usually solved by forming a profile of normal behavior, and deviation from normal behavior over a predetermined threshold is regarded as an anomaly or an attack. In this paper, the task is to protect a given software P from exploitation of unknown vulnerabilities. For this purpose, a method is proposed for constructing a profile of the normal execution of the program P, in which, in addition to a set of legal chains of system and library functions, it is proposed to take into account the distances between adjacent function calls. At the same time, a profile is formed for each program. It is assumed that taking into account the distances between function calls will reveal shellcode execution using system and/or library function calls. An algorithm and a system for detecting abnormal code execution are proposed. Experiments were carried out for the case when P is the Firefox browser. During the experiments, the possibility of applying the developed algorithm to identify abnormal behavior when launching publicly available exploits was investigated.

2021, Vol 65 (8)
Author(s): Junchi Xing, Chunming Wu, Haifeng Zhou, Qiumei Cheng, Danrui Yu, ...

2018, Vol 8 (12), pp. 2460
Author(s): Cyntia Vargas Martínez, Birgit Vogel-Heuser

System intrusions violate the security of a system. In order to maintain it, it is necessary to decrease the chances of intrusions occurring or to detect them as soon as they ensue in order to respond to them in a timely manner. These responses are divided into two types: passive or reactive responses. Passive responses are limited to only notification and alerting, whereas reactive responses influence the intrusion by undoing or diminishing its consequences. Unfortunately, some reactive responses may influence the underlying system where the intrusion has occurred. This is especially a concern in the field of Industrial Automation Systems, as these systems are critical and have a well-defined set of operational requirements that must be maintained. Hence, automatic reactive responses are often not considered or are limited to human intervention. This paper addresses this issue by introducing a concept for reactive protection that integrates the automatic execution of active responses that do not influence the operation of the underlying Industrial Automation System. This concept takes into consideration architectural and security trends, as well as security and operational policies of Industrial Automation Systems. It also proposes a set of reactive actions that can be taken in the presence of intrusions in order to counteract them or diminish their effects. The feasibility and applicability of the presented concept for Industrial Automation Systems is supported by the implementation and evaluation of a prototypical Reactive Protection System.


Drones, 2021, Vol 6 (1), pp. 8
Author(s): Elena Basan, Alexandr Basan, Alexey Nekrasov, Colin Fidge, Nikita Sushkin, ...

Here, we developed a method for detecting cyber security attacks aimed at spoofing the Global Positioning System (GPS) signal of an Unmanned Aerial Vehicle (UAV). Most methods for detecting UAV anomalies indicative of an attack use machine learning or other such methods that compare normal behavior with abnormal behavior. Such approaches require large amounts of data and significant “training” time to prepare and implement the system. Instead, we consider a new approach based on other mathematical methods for detecting UAV anomalies without the need to first collect a large amount of data and describe normal behavior patterns. Doing so can simplify the process of creating an anomaly detection system, which can further facilitate easier implementation of intrusion detection systems in UAVs. This article presents issues related to ensuring the information security of UAVs. Development of the GPS spoofing detection method for UAVs is then described, based on a preliminary study that made it possible to form a mathematical apparatus for solving the problem. We then explain the necessary analysis of parameters and methods of data normalization, and the analysis of the Kullback-Leibler divergence measure needed to detect anomalies in UAV systems.


2001
Author(s): A. Schrempf, L. del Re, W. Groißböck, E. Lughofer, E. P. Klement, ...

Fast detection of abnormal plant operation is critical for many applications. Fault detection requires some kind of comparison between actual and “normal” behavior, which implies the use of models. Exact modeling of engine systems is probably impossible, and even middle-complexity models are very time-consuming. In a few cases, as for on-board diagnostics, the very limited number of cases to be treated and the usually large production volumes allow the development of models suitable to detect abnormal behavior, but, in general, this approach cannot be followed. As fast detection of abnormal plant operation is often critical, alternative low-effort approaches are required. This paper presents a procedure suitable for engine fault detection based on parallel automatic modeling. It is shown that this approach yields a flexible and reliable tool for automatic modeling for this goal, while keeping the effort for the operator rather low.


Author(s): Bijaya Kumar Panda, Manoranjan Pradhan, Sateesh Kumar Pradhan

In the last decade, there has been rapid growth in the use of the Internet by organizations for information sharing. As information is very vital to organizations, it should be preserved and insulated from any unauthorized access or alteration. In the last few years, attacks on computer infrastructures have increased exponentially. Several information security techniques are available nowadays, like firewalls, anti-virus software and intrusion prevention systems (IPSs), which are important tools for protecting an organization from intrusions. Now most attacks are impossible to defend against with firewalls and anti-virus software alone. Without an IPS, such attacks are difficult to detect and prevent. This chapter presents different definitions of an intrusion prevention system with meaningful explanation; compares network IPS with host IPS; and covers common and advanced detection methods, common IPS components, coverage of attacks by IPS and criteria to select the right IPS. Finally, this chapter concludes with an analysis of the challenges that still remain to be resolved.


2017, Vol 8 (2), pp. 59-75
Author(s): Xu-zhou Zhang, Yun-zhan Gong, Ya-Wen Wang

Static program analysis is a strong technique for analyzing program behavior, but suffers from scalability problems, such as path explosion, which is caused by the presence of loops and function calls. This article applies the selective execution mechanism and heuristic strategy on exploring paths through loops. This combinatorial strategy tries to alleviate the path explosion problem from three aspects: 1) exploring loops with different approaches according to their relative position to a specific target; 2) combining static analysis, dynamic execution, and symbolic execution to deal with the separated program; 3) applying a heuristic strategy on offering guidance for the path exploration. These approaches are integrated to automatically generate paths for specified targets in loop structure. Experimental results show that the authors' proposed strategy is available for combination of different loops. It outperforms some existing techniques on achieving better coverage for programs containing loops, and is applicable in engineering.

