On Information Flow for Intrusion Detection: What if Accurate Full-System Dynamic Information Flow Tracking was Possible?

Provided by: Association for Computing Machinery
Topic: Security
Format: PDF
Current Intrusion Detection Systems (IDSes) fall into two very limiting categories: appearance-based or behavior-based. These rely on specifying good vs. bad behavior in terms of patterns in the malicious input or in the trace of execution during the attack. Some successful IDS systems have specified attacks in terms of information flow and the influences data sources have on the system, but only in very limited domains such as control data attacks, and typically using information flow tracking mechanisms customized to their purpose.
