Quantifying Application Behavior Space for Detection and Self-Healing
The increasing sophistication of software attacks has created the need for increasingly finer-grained intrusion and anomaly detection systems, both at the network and the host level. The authors believe that the next generation of defense mechanisms will require a much more detailed dynamic analysis of application behavior than is currently done. They also note that the same type of behavior analysis is needed by the current embryonic attempts at self-healing systems. Because such mechanisms are currently perceived as too expensive in terms of their performance impact, questions relating to the feasibility and value of such analysis remain unexplored and unanswered.