RAID
2015
Springer

A Formal Framework for Program Anomaly Detection

Abstract. Program anomaly detection analyzes normal program behaviors and discovers aberrant executions caused by attacks, misconfigurations, program bugs, and unusual usage patterns. The merit of program anomaly detection is its independence from attack signatures, which enables proactive defense against new and unknown attacks. In this paper, we formalize the general program anomaly detection problem and point out two of its key properties. We present a unified framework to describe any program anomaly detection method in terms of its detection capability. We prove the theoretical accuracy limit for program anomaly detection with an abstract detection machine. We show how existing solutions are positioned in our framework and illustrate the gap between state-of-the-art methods and the theoretical accuracy limit. We also point out some potential modeling features for future program anomaly detection evolution.
Added 17 Apr 2016
Updated 17 Apr 2016
Type Journal
Year 2015
Where RAID
Authors Xiaokui Shu, Danfeng (Daphne) Yao, Barbara G. Ryder