Please use this identifier to cite or link to this item:
Title: Hunting Trojan Horses
Authors: Moffie, M.
Cheng, W.
Kaeli, D.
Zhao, Q. 
Keywords: Data labeling
Information flow control
Program monitoring
Run time environment
Issue Date: 2006
Citation: Moffie, M.,Cheng, W.,Kaeli, D.,Zhao, Q. (2006). Hunting Trojan Horses. ASID'06: 1st Workshop on Architectural and System Support for Improving Software Dependability : 12-17. ScholarBank@NUS Repository.
Abstract: HTH (Hunting Trojan Horses) is a security framework developed for detecting difficult types of intrusions. HTH is intended as a complement to anti-virus software in that it targets unknown and zero-day Trojan Horses and Backdoors. In order to accurately identify these types of attacks HTH utilizes runtime information available during execution. The information collected includes fine-grained information flow, program execution flow and resources used.In this paper we present Harrier, an Application Security Monitor at the heart of our HTH framework. Harrier is an efficient run-time monitor that dynamically collects execution-related data. Harrier is capable of collecting information across different abstraction levels including architectural, system and library APIs. To date, Harrier is 3-4 times faster than comparable information flow tracking systems.Using the collected information, Harrier allows for accurate identification of abnormal program behavior. Preliminary results show a good detection rate with a low rate of false positives. Copyright 2006 ACM.
Source Title: ASID'06: 1st Workshop on Architectural and System Support for Improving Software Dependability
ISBN: 1595935762
DOI: 10.1145/1181309.1181312
Appears in Collections:Staff Publications

Show full item record
Files in This Item:
There are no files associated with this item.


checked on Oct 18, 2021

Page view(s)

checked on Oct 14, 2021

Google ScholarTM



Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.