Dependence-Based Anomaly Detection Methodologies

Abstract

This project addressed the fundamental problem of how to tell whether a system or a program is behaving properly, without being compromised by stealthy malware. During the course of the project (Apr. 2011 to Dec. 2011), the PI and her students performed studies on designing novel dependence-based anomaly detection solutions that aim at enforcing the dependence properties of legitimate programs, operations, and systems. Anomaly detection has never been systematically studied as a system security approach, due to two main technical challenges: i) the (normal) behaviors of legitimate programs and systems are diverse and difficult to define, and ii) unlike numerical attributes, program and system properties cannot be analyzed with statistical methods; thus, there is no general enforcement methodology for normal system-security patterns. Our anomaly detection approach focuses on enforcing the proper data and control dependencies in program execution and on identifying any violations of those dependencies. Such an approach yields long-lasting and powerful malware-classification solutions, because it is not limited by the constantly evolving behaviors of malware.


Document Details

Document Type
Technical Report
Publication Date
Aug 16, 2012
Accession Number
ADA586474

Entities

People

  • Danfeng Yao

Organizations

  • Virginia Tech

Tags

DTIC Thesaurus Topics

  • Abstracts
  • Agreements
  • Anomaly Detection
  • Authentication
  • Change Detection
  • Computer Network Security
  • Computer Science
  • Computers
  • Department Of Defense
  • Detection
  • Education
  • Engineering
  • False Alarms
  • Mathematics
  • Military Research
  • Students
  • Verification

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Neural Network Machine Learning
  • Systems Analysis and Design

Technology Areas

  • Cyber