Using Branch Correlation to Identify Infeasible Paths for Anomaly Detection

Orlando, Florida, USA December 09-December 13

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/MICRO.2006.48

39th Annual IEEE/ACM International Sy ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Xiaotong Zhuang Articles by Tao Zhang Articles by Santosh Pande

	ASCII Text	x
	Xiaotong Zhuang, Tao Zhang, Santosh Pande, "Using Branch Correlation to Identify Infeasible Paths for Anomaly Detection," Microarchitecture, IEEE/ACM International Symposium on, pp. 113-122, 39th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO'06), 2006.

	BibTex	x
	@article{ 10.1109/MICRO.2006.48, author = {Xiaotong Zhuang and Tao Zhang and Santosh Pande}, title = {Using Branch Correlation to Identify Infeasible Paths for Anomaly Detection}, journal ={Microarchitecture, IEEE/ACM International Symposium on}, volume = {0}, year = {2006}, issn = {1072-4451}, pages = {113-122}, doi = {http://doi.ieeecomputersociety.org/10.1109/MICRO.2006.48}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Microarchitecture, IEEE/ACM International Symposium on TI - Using Branch Correlation to Identify Infeasible Paths for Anomaly Detection SN - 1072-4451 SP113 EP122 A1 - Xiaotong Zhuang, A1 - Tao Zhang, A1 - Santosh Pande, PY - 2006 KW - null VL - 0 JA - Microarchitecture, IEEE/ACM International Symposium on ER -

Xiaotong Zhuang, IBM T.J. Watson Research Center, NY

Tao Zhang, IBM T.J. Watson Research Center, NY

Santosh Pande, Georgia Institute of Technology

In this paper, we propose a system called Infeasible Path Detection System (IPDS) to combat memory tampering attacks causing invalid program control flows. In our system, the compiler analyzes correlations between branches and then the analyzed information is conveyed to the runtime system. The runtime system detects dynamic infeasible program paths by combining compiler determined information with runtime information to check the legality of the path taken during execution. IPDS achieves a zero false positive rate and can detect a high percentage of memory tampering for many attacks in which the tampering actually causes a change in control flow. Moreover, IPDS only incurs a modest amount of hardware resource and negligible performance penalty.

Citation:

Xiaotong Zhuang, Tao Zhang, Santosh Pande, "Using Branch Correlation to Identify Infeasible Paths for Anomaly Detection," micro, pp.113-122, 39th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.