The Community for Technology Leaders
RSS Icon
April 18, 2006 to April 20, 2006
ISBN: 0-7695-2466-4
pp: 243-248
Fumiaki NAGANO , Kyushu University, Fukuoka,Japan
Kohei TATARA , Kyushu University, Fukuoka,Japan
Kouichi SAKURAI , Kyushu University, Fukuoka,Japan
Toshihiro TABATA , Okayama University, Okayama,Japan
Attacks against data in memory are one of the most serious threats these days. Although many detection systems have been proposed so far, most of them can detect only part of alteration. Some detection systems use canaries to detect alteration. However, if an execution code has bugs that enable attackers to read data in memory, the system could be bypassed by attackers who can guess canaries. To overcome the problems, we propose a system using alteration of data. Our proposed system detects illegal alteration with verifier for vulnerable data. Verifier is made before vulnerable data could be altered by attackers, and verifier is checked when the program uses the vulnerable data. Part of Verifier is stored in kernel area to prevent attackers from reading data in user memory. Our approach can detect illegal alteration of arbitrary data in user memory. Our proposed system, moreover, does not have the problem systems using canaries have.
Fumiaki NAGANO, Kohei TATARA, Kouichi SAKURAI, Toshihiro TABATA, "An Intrusion Detection System using Alteration of Data", AINA, 2006, Proceedings. 20th International Conference on Advanced Information Networking and Applications, Proceedings. 20th International Conference on Advanced Information Networking and Applications 2006, pp. 243-248, doi:10.1109/AINA.2006.94
28 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool