|Title:||Hunting Trojan Horses|
|Authors:||Moffie, M.|
|Keywords:||Information flow control; Run time environment|
|Issue Date:||2006|
|Citation:||Moffie, M., Cheng, W., Kaeli, D., Zhao, Q. (2006). Hunting Trojan Horses. ASID'06: 1st Workshop on Architectural and System Support for Improving Software Dependability : 12-17. ScholarBank@NUS Repository. https://doi.org/10.1145/1181309.1181312|
|Abstract:||HTH (Hunting Trojan Horses) is a security framework developed for detecting difficult types of intrusions. HTH is intended as a complement to anti-virus software in that it targets unknown and zero-day Trojan Horses and Backdoors. In order to accurately identify these types of attacks HTH utilizes runtime information available during execution. The information collected includes fine-grained information flow, program execution flow and resources used. In this paper we present Harrier, an Application Security Monitor at the heart of our HTH framework. Harrier is an efficient run-time monitor that dynamically collects execution-related data. Harrier is capable of collecting information across different abstraction levels including architectural, system and library APIs. To date, Harrier is 3-4 times faster than comparable information flow tracking systems. Using the collected information, Harrier allows for accurate identification of abnormal program behavior. Preliminary results show a good detection rate with a low rate of false positives. Copyright 2006 ACM.|
|Source Title:||ASID'06: 1st Workshop on Architectural and System Support for Improving Software Dependability|
|URI:||http://scholarbank.nus.edu.sg/handle/10635/114663|
|ISBN:||1595935762|
|DOI:||10.1145/1181309.1181312|
|Appears in Collections:||Staff Publications|