Virginia Polytechnic Institute and State University (Virginia Tech) researchers have developed a program anomaly-detection approach to discovering stealth attacks on computers.
They tested the approach against several real-world attacks. The Virginia Tech prototype proved to be effective and reliable at identifying the attacks with a false positive rate as low as 0.01 percent.
The program uses algorithms with specific matrix-based pattern recognition, which enabled the researchers to analyze the execution path of a software program and discover correlations among events.
"The idea is to profile the program's behavior, determine how often some events are supposed to occur and with which other events, and use this information to detect anomalous activity," says Virginia Tech professor Naren Ramakrishnan.
Virginia Tech professor Danfeng Yao says the anomaly-detection algorithms were able to detect erratic program behaviors with very low false alarms even when there are complex and diverse execution patterns. "Because the approach works by analyzing the behavior of computer code, it can be used to study a variety of different attacks," Yao notes.
From Virginia Tech News
View Full Article
Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA
No entries found