Detecting Code Injection Attacks in Internet Explorer
Computer Software and Applications Conference Workshops(2011)
摘要
Code injection vulnerabilities are a major threat to Internet security. The ability for a malicious website to install malware on a host using these vulnerabilities without its knowledge is particularly menacing. In this paper, we approach this problem from a new perspective by constructing a Markov chain graph from the system calls Internet Explorer executes and then modeling this graph over time. We apply a Gaussian process change-point algorithm to detect code injection attacks. To show the efficacy of this approach, we collect a novel dataset of system call traces of 6 code injection attacks using 3 distinct exploits against the Internet Explorer browser. Our algorithm was able to detect all of the code injection attacks with a limited number of false positives.
更多查看译文
关键词
system call trace,markov chain graph,code injection vulnerability,gaussian process change-point algorithm,code injection attack,false positive,internet security,internet explorer,distinct exploit,internet explorer browser,detecting code injection attacks,malware,markov chain,gaussian processes,virtual machine,gaussian process,code injection,markov process,markov processes,support vector machines,kernel,support vector machine,internet
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要