Communications of the ACM

ACM TechNews

New Research Method Identifies Stealth Attacks on Complicated Computer Systems


Daphne Yao, associate professor of computer science in Virginia Polytechnic Institute and State University's College of Engineering, and her doctoral student Xiaokui Shu, check their data for their program anomaly-detection approach.

Researchers at Virginia Polytechnic Institute and State University have developed a new approach to discovering stealth attacks on computers.

Credit: Virginia Polytechnic Institute and State University

Virginia Polytechnic Institute and State University (Virginia Tech) researchers have developed a program anomaly-detection approach to discovering stealth attacks on computers.

They tested the approach against several real-world attacks. The Virginia Tech prototype proved to be effective and reliable at identifying the attacks with a false positive rate as low as 0.01 percent.

The program uses matrix-based pattern-recognition algorithms, which enabled the researchers to analyze the execution path of a software program and discover correlations among events.

"The idea is to profile the program's behavior, determine how often some events are supposed to occur and with which other events, and use this information to detect anomalous activity," says Virginia Tech professor Naren Ramakrishnan.

Virginia Tech professor Danfeng Yao says the anomaly-detection algorithms were able to detect erratic program behaviors with very few false alarms even when there are complex and diverse execution patterns. "Because the approach works by analyzing the behavior of computer code, it can be used to study a variety of different attacks," Yao notes.

From Virginia Tech News

Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA