Isolating Intrusions by Automatic Experiments

Authors

  • Stephan Neuhaus
  • Andreas Zeller

Abstract

When dealing with malware infections, one of the first tasks is to find the processes that were involved in the attack. We introduce Malfor, a system that isolates those processes automatically. In contrast to other methods that help analyze attacks, Malfor works by experiments: first, we record the interaction of the system under attack; after the intrusion has been detected, we replay the recorded events in slightly different configurations to see which processes were relevant for the intrusion. This approach has three advantages over deductive approaches: first, the processes that are thus found have been experimentally shown to be relevant for the attack; second, the amount of evidence that must then be analyzed to find the attack vector is greatly reduced; and third, Malfor itself cannot make wrong deductions. In a first experiment, Malfor was able to extract the three processes responsible for an attack from 32 candidates in about six minutes.

Publication date: 2006