By a News Reporter-Staff News Editor at Information Technology Newsweekly -- A new study on Information Software Technology is now available. According to news reporting from Lebanon, New Hampshire, by VerticalNews journalists, research stated, "Program execution profiles have been extensively and successfully used in several dynamic analysis fields such as software testing and fault localization. This paper presents a pattern-matching approach implemented as an application-based intrusion (and failure) detection system that operates on signatures generated from execution profiles."
The news correspondents obtained a quote from the research from American University, "Such signatures are not descriptions of exploits, i.e. they do not depend on the syntax or semantics of the exploits, but instead are descriptions of program events that correlate with the exploitation of program vulnerabilities. A vulnerability exploit is generally correlated with the execution of a combination of program elements, such as statements, branches, and definition-use pairs. In this work we first analyze the execution profiles of a vulnerable application in order to identify such suspicious coinbinations, define signatures that describe them, and consequently deploy these signatures within an intrusion detection system that performs online signature matching. To evaluate our approach, which is also applicable to online failure detection, we implemented it for the Java platform and applied it onto seven open-source applications containing 30 vulnerabilities/defects for the purpose of the online detection of attacks/failures. Our results showed that our approach worked very well for 26 vulnerabilities/defects (86.67%) and the overhead imposed by the system is somewhat acceptable as it varied from 46% to 102%. The exhibited average rates of false negatives and false positives were 0.43% and 1.03%, respectively."
According to the news reporters, the research concluded: "Using profile-based signatures for online intrusion and failure detection was shown to be effective."
For more information on this research see: Generating profile-based signatures for online intrusion and failure detection. Information and Software Technology, 2014;56(2):238-251. Information and Software Technology can be contacted at: Elsevier Science Bv, PO Box 211, 1000 Ae Amsterdam, Netherlands. (Elsevier - www.elsevier.com; Information and Software Technology - www.elsevier.com/wps/product/cws_home/525444)
Our news journalists report that additional information may be obtained by contacting W. Masri, American University of Beirut, Dept. of Comp Sci, Lebanon, NH, United States. Additional authors for this research include R. Abou Assi and M. El-Ghali.
Keywords for this news article include: Lebanon, New Hampshire, United States, North and Central America, Information Software Technology
Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC