Detection of Sophisticated Network Enabled Threats via a Novel Micro-Proxy Architecture

Abstract

With the increasing use of novel exploitation techniques in modern malicious software, it can be argued that current intrusion detection and intrusion prevention systems are failing to keep pace. While some intrusion prevention systems can detect known evasion techniques, they fail to detect novel, previously unseen exploitation techniques. Traditional proxy approaches have failed to protect the full universe of discourse that a network-enabled service can engage in, because they treat all information flows of the same type uniformly rather than modelling what the specific service can legitimately be asked to do. In this paper we propose a micro-proxy architecture that uses reverse engineering techniques to identify the valid universe of discourse for a network service. This valid universe of discourse is then used to validate legitimate transactions against the service. In effect, the micro-proxy implements a default-deny policy through analysis of the application-level discourse.
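As an added illustration of the default-deny, discourse-driven validation the abstract describes, the following is example code written for this page, not the paper's implementation. The line-based key/value protocol, its state machine (`DISCOURSE`), the argument grammars, the `MicroProxy` class and the sample sessions are all assumptions constructed for the example; the paper's own method for deriving a service's universe of discourse is not reproduced here.

```python
"""Added example: a default-deny application-layer validator in the spirit
of the micro-proxy described in the abstract. This is illustrative code
written for this page, not the paper's implementation. The line-based
protocol, its discourse model and the sample sessions are all assumptions."""
import re
from dataclasses import dataclass, field

# Hypothetical key/value protocol (assumed, not from the paper). Requests are
# single CRLF-terminated ASCII lines:
#   HELO <client-id>     must open the session
#   GET <key>            read a key
#   PUT <key> <value>    write a key (value is a single token)
#   QUIT                 close the session
# The "valid universe of discourse" is modelled as a state machine over the
# session plus a per-verb argument grammar with explicit length bounds.
CLIENT = re.compile(r"[A-Za-z0-9.-]{1,32}")
KEY = re.compile(r"[A-Za-z0-9_.-]{1,64}")
VALUE = re.compile(r"[\x21-\x7e]{1,256}")
MAX_LINE = 512  # hard bound on a raw request line, in bytes

# state -> {verb: (argument grammars, next state)}; anything absent is denied
DISCOURSE = {
    "start": {"HELO": ([CLIENT], "session")},
    "session": {
        "GET": ([KEY], "session"),
        "PUT": ([KEY, VALUE], "session"),
        "QUIT": ([], "closed"),
    },
    "closed": {},
}


@dataclass
class Verdict:
    allowed: bool
    reason: str
    state: str  # proxy state after the decision


@dataclass
class MicroProxy:
    """Validates one client's requests against DISCOURSE. Fails closed: the
    first request outside the model ends the session."""
    state: str = "start"
    log: list = field(default_factory=list)

    def inspect(self, raw: bytes) -> Verdict:
        if len(raw) > MAX_LINE:
            return self._deny("line exceeds MAX_LINE")
        try:
            line = raw.decode("ascii")
        except UnicodeDecodeError:
            return self._deny("non-ASCII bytes in request")
        if not line.endswith("\r\n"):
            return self._deny("missing CRLF terminator")
        verb, *args = line[:-2].split(" ")
        transitions = DISCOURSE[self.state]
        if verb not in transitions:
            return self._deny(f"verb {verb!r} not permitted in state {self.state!r}")
        grammars, next_state = transitions[verb]
        if len(args) != len(grammars):
            return self._deny(f"{verb}: expected {len(grammars)} argument(s), got {len(args)}")
        for grammar, arg in zip(grammars, args):
            if not grammar.fullmatch(arg):
                return self._deny(f"{verb}: argument {arg[:16]!r} violates grammar")
        self.state = next_state
        self.log.append(("ALLOW", line[:-2]))
        return Verdict(True, "conforms to discourse model", self.state)

    def _deny(self, reason: str) -> Verdict:
        self.state = "closed"
        self.log.append(("DENY", reason))
        return Verdict(False, reason, self.state)


def run_session(requests: list) -> list:
    """Feed a whole session through a fresh proxy; returns one Verdict per request."""
    proxy = MicroProxy()
    return [proxy.inspect(r) for r in requests]


if __name__ == "__main__":
    # Constructed sample sessions (not captured traffic).
    legitimate = [b"HELO client-1\r\n", b"PUT colour blue\r\n", b"GET colour\r\n", b"QUIT\r\n"]
    out_of_order = [b"PUT colour blue\r\n", b"HELO client-1\r\n"]   # no HELO first
    oversized = [b"HELO client-1\r\n", b"GET " + b"A" * 600 + b"\r\n"]  # exceeds MAX_LINE
    for name, session in [("legitimate", legitimate), ("out_of_order", out_of_order), ("oversized", oversized)]:
        for v in run_session(session):
            print(f"{name:13} {'ALLOW' if v.allowed else 'DENY ':5} {v.reason}")
```

The point of the design is that nothing in the proxy names an attack: an oversized argument, an unexpected verb, a request out of sequence or a malformed line are all rejected simply because they lie outside the modelled discourse, which is what makes the approach independent of whether the exploitation technique is known. In a deployment the proxy would sit inline and forward only allowed lines to the real service; here the verdicts are returned so they can be inspected directly.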

Share and Cite:

Blyth, A. (2014) Detection of Sophisticated Network Enabled Threats via a Novel Micro-Proxy Architecture. Journal of Information Security, 5, 37-45. doi: 10.4236/jis.2014.52004.

Conflicts of Interest

The authors declare no conflicts of interest.


Copyright © 2024 by authors and Scientific Research Publishing Inc.

Creative Commons License

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.