Actively modifying control flow of program for efficient anormaly detection

Kohei Tatara, Toshihiro Tabata, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

In order to prevent the malicious use of computers by exploiting buffer overflow vulnerabilities, corrective action that goes beyond calling programmers' attention to the problem and includes extension of the compiler or operating system is likely to be important. On the other hand, the introduction and operation of intrusion detection systems must be easy for people with limited knowledge of computers. In this paper, we propose an anomaly detection method that actively modifies some control flows of programs. Our method can efficiently detect anomalous program behavior and gives no false positives.

Original language: English
Title of host publication: Knowledge-Based Intelligent Information and Engineering Systems - 10th International Conference, KES 2006, Proceedings
Publisher: Springer Verlag
Pages: 737-744
Number of pages: 8
Volume: 4252 LNAI - II
ISBN (Print): 3540465375, 9783540465379
Publication status: Published - 2006
Event: 10th International Conference on Knowledge-Based Intelligent Information and Engineering Systems, KES 2006 - Bournemouth, United Kingdom
Duration: Oct 9 2006 to Oct 11 2006

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 4252 LNAI - II
ISSN (Print): 03029743
ISSN (Electronic): 16113349

Other

Other: 10th International Conference on Knowledge-Based Intelligent Information and Engineering Systems, KES 2006
Country: United Kingdom
City: Bournemouth
Period: 10/9/06 to 10/11/06

Fingerprint

Flow Control
Buffer Overflow
Anomaly Detection
Intrusion Detection
False Positive
Vulnerability
Operating Systems
Compiler
Anomaly
Likely
Knowledge

All Science Journal Classification (ASJC) codes

  • Computer Science (all)
  • Theoretical Computer Science

Cite this

Tatara, K., Tabata, T., & Sakurai, K. (2006). Actively modifying control flow of program for efficient anormaly detection. In Knowledge-Based Intelligent Information and Engineering Systems - 10th International Conference, KES 2006, Proceedings (Vol. 4252 LNAI - II, pp. 737-744). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4252 LNAI - II). Springer Verlag.

@inproceedings{c5f6a4773b014b49974409219be1aa69,
title = "Actively modifying control flow of program for efficient anormaly detection",
abstract = "In order to prevent the malicious use of the computers exploiting buffer overflow vulnerabilities, a corrective action by not only calling a programmer's attention but expansion of compiler or operating system is likely to be important. On the other hand, the introduction and employment of intrusion detection systems must be easy for people with the restricted knowledge of computers. In this paper, we propose an anomaly detection method by modifying actively some control flows of programs. Our method can efficiently detect anomaly program behavior and give no false positives.",
author = "Kohei Tatara and Toshihiro Tabata and Kouichi Sakurai",
year = "2006",
language = "English",
isbn = "3540465375",
volume = "4252 LNAI - II",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "737--744",
booktitle = "Knowledge-Based Intelligent Information and Engineering Systems - 10th International Conference, KES 2006, Proceedings",
address = "Germany",

}

TY - GEN

T1 - Actively modifying control flow of program for efficient anormaly detection

AU - Tatara, Kohei

AU - Tabata, Toshihiro

AU - Sakurai, Kouichi

PY - 2006

Y1 - 2006

N2 - In order to prevent the malicious use of the computers exploiting buffer overflow vulnerabilities, a corrective action by not only calling a programmer's attention but expansion of compiler or operating system is likely to be important. On the other hand, the introduction and employment of intrusion detection systems must be easy for people with the restricted knowledge of computers. In this paper, we propose an anomaly detection method by modifying actively some control flows of programs. Our method can efficiently detect anomaly program behavior and give no false positives.

UR - http://www.scopus.com/inward/record.url?scp=33750695380&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33750695380&partnerID=8YFLogxK

M3 - Conference contribution

SN - 3540465375

SN - 9783540465379

VL - 4252 LNAI - II

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 737

EP - 744

BT - Knowledge-Based Intelligent Information and Engineering Systems - 10th International Conference, KES 2006, Proceedings

PB - Springer Verlag

ER -