2006 Reports
Binary-level Function Profiling for Intrusion Detection and Smart Error Virtualization
Most current approaches to self-healing software (SHS) suffer from semantic incorrectness of the response mechanism. To support SHS, we propose Smart Error Virtualization (SEV), which treats functions as transactions but provides a way to guide the program state and remediation to be a more correct value than previous work. We perform runtime binary-level profiling on unmodified applications to learn both good return values and error return values (produced when the program encounters "bad" input). The goal is to "learn from mistakes" by converting malicious input to the program's notion of "bad" input. We introduce two implementations of this system that support three major uses: function profiling for regression testing, function profiling for host-based anomaly detection (environment-specialized fault detection), and function profiling for automatic attack remediation via SEV. Our systems do not require access to the source code of the application to enact a fix. Finally, this paper is, in part, a critical examination of error virtualization in order to shed light on how to approach semantic correctness.
Files
- cucs-002-06.pdf application/pdf 76.8 KB
More About This Work
- Academic Units: Computer Science
- Publisher: Department of Computer Science, Columbia University
- Series: Columbia University Computer Science Technical Reports, CUCS-002-06
- Published Here: April 21, 2011