An Intrusion Detection System using Alteration of Data

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Fumiaki NAGANO Articles by Kohei TATARA Articles by Kouichi SAKURAI Articles by Toshihiro TABATA

20th International Conference on Advanced Information Networking and Applications - Volume 1 (AINA'06)

Vienna, Austria

April 18-April 20

ISBN: 0-7695-2466-4

	ASCII Text	x
	Fumiaki NAGANO, Kohei TATARA, Kouichi SAKURAI, Toshihiro TABATA, "An Intrusion Detection System using Alteration of Data," Advanced Information Networking and Applications, International Conference on, vol. 1, pp. 243-248, 20th International Conference on Advanced Information Networking and Applications - Volume 1 (AINA'06), 2006.

	BibTex	x
	@article{ 10.1109/AINA.2006.94, author = {Fumiaki NAGANO and Kohei TATARA and Kouichi SAKURAI and Toshihiro TABATA}, title = {An Intrusion Detection System using Alteration of Data}, journal ={Advanced Information Networking and Applications, International Conference on}, volume = {1}, year = {2006}, issn = {1550-445X}, pages = {243-248}, doi = {http://doi.ieeecomputersociety.org/10.1109/AINA.2006.94}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Advanced Information Networking and Applications, International Conference on TI - An Intrusion Detection System using Alteration of Data SN - 1550-445X SP243 EP248 A1 - Fumiaki NAGANO, A1 - Kohei TATARA, A1 - Kouichi SAKURAI, A1 - Toshihiro TABATA, PY - 2006 KW - null VL - 1 JA - Advanced Information Networking and Applications, International Conference on ER -

Fumiaki NAGANO, Kyushu University, Fukuoka,Japan

Kohei TATARA, Kyushu University, Fukuoka,Japan

Kouichi SAKURAI, Kyushu University, Fukuoka,Japan

Toshihiro TABATA, Okayama University, Okayama,Japan

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/AINA.2006.94

Attacks against data in memory are one of the most serious threats these days. Although many detection systems have been proposed so far, most of them can detect only part of alteration. Some detection systems use canaries to detect alteration. However, if an execution code has bugs that enable attackers to read data in memory, the system could be bypassed by attackers who can guess canaries. To overcome the problems, we propose a system using alteration of data. Our proposed system detects illegal alteration with verifier for vulnerable data. Verifier is made before vulnerable data could be altered by attackers, and verifier is checked when the program uses the vulnerable data. Part of Verifier is stored in kernel area to prevent attackers from reading data in user memory. Our approach can detect illegal alteration of arbitrary data in user memory. Our proposed system, moreover, does not have the problem systems using canaries have.

Citation:

Fumiaki NAGANO, Kohei TATARA, Kouichi SAKURAI, Toshihiro TABATA, "An Intrusion Detection System using Alteration of Data," aina, vol. 1, pp.243-248, 20th International Conference on Advanced Information Networking and Applications - Volume 1 (AINA'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.