FLIPS: Hybrid Adaptive Intrusion Prevention
Source: Columbia University
Intrusion detection systems are fundamentally passive and fail-open. Because their primary task is classification, they do nothing to prevent an attack from succeeding. An Intrusion Prevention System (IPS) adds protection mechanisms that provide fail-safe semantics, automatic response capabilities, and adaptive enforcement. It presents FLIPS (Feedback Learning IPS), a hybrid approach to host security that prevents binary code injection attacks. It incorporates three major components: an anomaly-based classier, a signature-based filtering scheme, and a supervision framework that employs Instruction Set Randomization (ISR).