An intrusion detection system using alteration of data

Fumiaki Nagano; Kohei Tatara; Toshihiro Tabata; Kouichi Sakurai

doi:10.1109/AINA.2006.94

An intrusion detection system using alteration of data

Fumiaki Nagano, Kohei Tatara, Toshihiro Tabata, Kouichi Sakurai

Mathematical Informatics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

Attacks against data in memory are one of the most serious threats these days. Although many detection systems have been proposed so far, most of them can detect only part of alteration. Some detection systems use canaries to detect alteration. However, if an execution code has bugs that enable attackers to read data in memory, the system could be bypassed by attackers who can guess canaries. To overcome the problems, we propose a system using alteration of data. Our proposed system detects illegal alteration with verifier for vulnerable data. Verifier is made before vulnerable data could be altered by attackers, and verifier is checked when the program uses the vulnerable data. Part of Verifier is stored in kernel area to prevent attackers from reading data in user memory. Our approach can detect illegal alteration of arbitrary data in user memory. Our proposed system, moreover, does not have the problem systems using canaries have.

Original language	English
Title of host publication	Proceedings - 20th International Conference on Advanced Information Networking and Applications
Pages	243-248
Number of pages	6
DOIs	https://doi.org/10.1109/AINA.2006.94
Publication status	Published - 2006
Event	20th International Conference on Advanced Information Networking and Applications - Vienna, Austria Duration: Apr 18 2006 → Apr 20 2006

Publication series

Name	Proceedings - International Conference on Advanced Information Networking and Applications, AINA
Volume	1
ISSN (Print)	1550-445X

Other

Other	20th International Conference on Advanced Information Networking and Applications
Country/Territory	Austria
City	Vienna
Period	4/18/06 → 4/20/06

All Science Journal Classification (ASJC) codes

Engineering(all)

Access to Document

10.1109/AINA.2006.94

Cite this

Nagano, F., Tatara, K., Tabata, T., & Sakurai, K. (2006). An intrusion detection system using alteration of data. In Proceedings - 20th International Conference on Advanced Information Networking and Applications (pp. 243-248). Article 1620199 (Proceedings - International Conference on Advanced Information Networking and Applications, AINA; Vol. 1). https://doi.org/10.1109/AINA.2006.94

An intrusion detection system using alteration of data. / Nagano, Fumiaki; Tatara, Kohei; Tabata, Toshihiro et al.
Proceedings - 20th International Conference on Advanced Information Networking and Applications. 2006. p. 243-248 1620199 (Proceedings - International Conference on Advanced Information Networking and Applications, AINA; Vol. 1).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Nagano, F, Tatara, K, Tabata, T & Sakurai, K 2006, An intrusion detection system using alteration of data. in Proceedings - 20th International Conference on Advanced Information Networking and Applications., 1620199, Proceedings - International Conference on Advanced Information Networking and Applications, AINA, vol. 1, pp. 243-248, 20th International Conference on Advanced Information Networking and Applications, Vienna, Austria, 4/18/06. https://doi.org/10.1109/AINA.2006.94

@inproceedings{a55fbf40e47f4a50885b606752e06852,

title = "An intrusion detection system using alteration of data",

abstract = "Attacks against data in memory are one of the most serious threats these days. Although many detection systems have been proposed so far, most of them can detect only part of alteration. Some detection systems use canaries to detect alteration. However, if an execution code has bugs that enable attackers to read data in memory, the system could be bypassed by attackers who can guess canaries. To overcome the problems, we propose a system using alteration of data. Our proposed system detects illegal alteration with verifier for vulnerable data. Verifier is made before vulnerable data could be altered by attackers, and verifier is checked when the program uses the vulnerable data. Part of Verifier is stored in kernel area to prevent attackers from reading data in user memory. Our approach can detect illegal alteration of arbitrary data in user memory. Our proposed system, moreover, does not have the problem systems using canaries have.",

author = "Fumiaki Nagano and Kohei Tatara and Toshihiro Tabata and Kouichi Sakurai",

year = "2006",

doi = "10.1109/AINA.2006.94",

language = "English",

isbn = "0769524664",

series = "Proceedings - International Conference on Advanced Information Networking and Applications, AINA",

pages = "243--248",

booktitle = "Proceedings - 20th International Conference on Advanced Information Networking and Applications",

note = "20th International Conference on Advanced Information Networking and Applications ; Conference date: 18-04-2006 Through 20-04-2006",

}

TY - GEN

T1 - An intrusion detection system using alteration of data

AU - Nagano, Fumiaki

AU - Tatara, Kohei

AU - Tabata, Toshihiro

AU - Sakurai, Kouichi

PY - 2006

Y1 - 2006

N2 - Attacks against data in memory are one of the most serious threats these days. Although many detection systems have been proposed so far, most of them can detect only part of alteration. Some detection systems use canaries to detect alteration. However, if an execution code has bugs that enable attackers to read data in memory, the system could be bypassed by attackers who can guess canaries. To overcome the problems, we propose a system using alteration of data. Our proposed system detects illegal alteration with verifier for vulnerable data. Verifier is made before vulnerable data could be altered by attackers, and verifier is checked when the program uses the vulnerable data. Part of Verifier is stored in kernel area to prevent attackers from reading data in user memory. Our approach can detect illegal alteration of arbitrary data in user memory. Our proposed system, moreover, does not have the problem systems using canaries have.

AB - Attacks against data in memory are one of the most serious threats these days. Although many detection systems have been proposed so far, most of them can detect only part of alteration. Some detection systems use canaries to detect alteration. However, if an execution code has bugs that enable attackers to read data in memory, the system could be bypassed by attackers who can guess canaries. To overcome the problems, we propose a system using alteration of data. Our proposed system detects illegal alteration with verifier for vulnerable data. Verifier is made before vulnerable data could be altered by attackers, and verifier is checked when the program uses the vulnerable data. Part of Verifier is stored in kernel area to prevent attackers from reading data in user memory. Our approach can detect illegal alteration of arbitrary data in user memory. Our proposed system, moreover, does not have the problem systems using canaries have.

UR - http://www.scopus.com/inward/record.url?scp=33751105568&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33751105568&partnerID=8YFLogxK

U2 - 10.1109/AINA.2006.94

DO - 10.1109/AINA.2006.94

M3 - Conference contribution

AN - SCOPUS:33751105568

SN - 0769524664

SN - 9780769524665

T3 - Proceedings - International Conference on Advanced Information Networking and Applications, AINA

SP - 243

EP - 248

BT - Proceedings - 20th International Conference on Advanced Information Networking and Applications

T2 - 20th International Conference on Advanced Information Networking and Applications

Y2 - 18 April 2006 through 20 April 2006

ER -

An intrusion detection system using alteration of data

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this