FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W1571573079> ?p ?o ?g. }

• W1571573079 abstract "In this dissertation, we present an approach to detect attacks on computing infrastructures and launch responses that prevent or minimize the damage caused by these attacks. Our approach is specification based, in which, security-relevant behavior of a system is specified using a high level specification language. Attacks are detected as deviations from the specified behavior by an enforcement algorithm. Previous work on specifying and enforcing security behavior fall short in addressing the key requirements of such an approach which are: an expressive/concise language with unambiguous semantics and an efficient enforcement algorithm which is correct with respect to the semantics of the language. The result is that in these approaches expressive behavioral properties cannot be specified, enforcement of them is not efficient, or they do not provide sufficient confidence in their enforcement algorithm to launch responses to prevent attacks. regular expressions over events (REEs) and an enforcement algorithm based on the computational model of REEs, called extended finite automata (EFA). We present the unambiguous/precise semantics of REEs and prove the correctness and completeness of the enforcement algorithm with respect to them. This provides assurance that specified behavior is the enforced behavior. We also developed an algorithm that translates an REE specification into a fast pattern matching automaton that forms the basis of the efficient enforcement algorithm. In addition, in this dissertation, REEs and EFAs were used to develop a prototype intrusion detection/prevention system for the UNIX operating system. The system was designed based on the following two observations: regardless of the nature of attack, damage will ultimately be caused by the system calls made by the attacked processes, and no damage can be caused if the program is behaving normally. We developed a concrete language based on REEs called behavior modeling specification language (BMSL) to specify program behavior as well as responses if any attacks are detected. BMSL specifications capture behaviors of programs on the UNIX operating system as sequences of system calls and their arguments, made by these programs. The enforcement mechanism is based on system call interposing. Intercepted system calls are redirected to the enforcement algorithm corresponding to the process making the system calls. We describe the problems with the two interposition approaches most commonly used in intrusion detection techniques, kernel and user-level, and propose a novel approach called hybrid interposition. We address the key challenge of this approach which is splitting the functionality of the enforcement algorithm between the kernel and user-levels. (Abstract shortened by UMI.)" @default.
• W1571573079 created "2016-06-24" @default.
• W1571573079 creator A5028680353 @default.
• W1571573079 creator A5029878631 @default.
• W1571573079 date "2003-01-01" @default.
• W1571573079 modified "2023-09-23" @default.
• W1571573079 title "Intrusion detection/prevention using behavior specifications" @default.
• W1571573079 hasPublicationYear "2003" @default.
• W1571573079 type Work @default.
• W1571573079 sameAs 1571573079 @default.
• W1571573079 citedByCount "7" @default.
• W1571573079 countsByYear W15715730792012 @default.
• W1571573079 countsByYear W15715730792015 @default.
• W1571573079 countsByYear W15715730792018 @default.
• W1571573079 crossrefType "journal-article" @default.
• W1571573079 hasAuthorship W1571573079A5028680353 @default.
• W1571573079 hasAuthorship W1571573079A5029878631 @default.
• W1571573079 hasConcept C104091681 @default.
• W1571573079 hasConcept C112505250 @default.
• W1571573079 hasConcept C11413529 @default.
• W1571573079 hasConcept C121329065 @default.
• W1571573079 hasConcept C134306372 @default.
• W1571573079 hasConcept C156325763 @default.
• W1571573079 hasConcept C17231256 @default.
• W1571573079 hasConcept C17744445 @default.
• W1571573079 hasConcept C184337299 @default.
• W1571573079 hasConcept C199360897 @default.
• W1571573079 hasConcept C199539241 @default.
• W1571573079 hasConcept C201677973 @default.
• W1571573079 hasConcept C2779777834 @default.
• W1571573079 hasConcept C33923547 @default.
• W1571573079 hasConcept C35525427 @default.
• W1571573079 hasConcept C38652104 @default.
• W1571573079 hasConcept C39920170 @default.
• W1571573079 hasConcept C41008148 @default.
• W1571573079 hasConcept C55439883 @default.
• W1571573079 hasConcept C80444323 @default.
• W1571573079 hasConceptScore W1571573079C104091681 @default.
• W1571573079 hasConceptScore W1571573079C112505250 @default.
• W1571573079 hasConceptScore W1571573079C11413529 @default.
• W1571573079 hasConceptScore W1571573079C121329065 @default.
• W1571573079 hasConceptScore W1571573079C134306372 @default.
• W1571573079 hasConceptScore W1571573079C156325763 @default.
• W1571573079 hasConceptScore W1571573079C17231256 @default.
• W1571573079 hasConceptScore W1571573079C17744445 @default.
• W1571573079 hasConceptScore W1571573079C184337299 @default.
• W1571573079 hasConceptScore W1571573079C199360897 @default.
• W1571573079 hasConceptScore W1571573079C199539241 @default.
• W1571573079 hasConceptScore W1571573079C201677973 @default.
• W1571573079 hasConceptScore W1571573079C2779777834 @default.
• W1571573079 hasConceptScore W1571573079C33923547 @default.
• W1571573079 hasConceptScore W1571573079C35525427 @default.
• W1571573079 hasConceptScore W1571573079C38652104 @default.
• W1571573079 hasConceptScore W1571573079C39920170 @default.
• W1571573079 hasConceptScore W1571573079C41008148 @default.
• W1571573079 hasConceptScore W1571573079C55439883 @default.
• W1571573079 hasConceptScore W1571573079C80444323 @default.
• W1571573079 hasLocation W15715730791 @default.
• W1571573079 hasOpenAccess W1571573079 @default.
• W1571573079 hasPrimaryLocation W15715730791 @default.
• W1571573079 hasRelatedWork W1542723081 @default.
• W1571573079 hasRelatedWork W1549032789 @default.
• W1571573079 hasRelatedWork W18161554 @default.
• W1571573079 hasRelatedWork W2171173927 @default.
• W1571573079 hasRelatedWork W2182668417 @default.
• W1571573079 hasRelatedWork W2189898076 @default.
• W1571573079 hasRelatedWork W2274091595 @default.
• W1571573079 hasRelatedWork W2318286271 @default.
• W1571573079 hasRelatedWork W2338367696 @default.
• W1571573079 hasRelatedWork W24839522 @default.
• W1571573079 hasRelatedWork W2619592429 @default.
• W1571573079 hasRelatedWork W2762665353 @default.
• W1571573079 hasRelatedWork W2946913208 @default.
• W1571573079 hasRelatedWork W2963749388 @default.
• W1571573079 hasRelatedWork W3045776271 @default.
• W1571573079 hasRelatedWork W3099703838 @default.
• W1571573079 hasRelatedWork W3106234539 @default.
• W1571573079 hasRelatedWork W3134774527 @default.
• W1571573079 hasRelatedWork W82080700 @default.
• W1571573079 hasRelatedWork W2186556144 @default.
• W1571573079 isParatext "false" @default.
• W1571573079 isRetracted "false" @default.
• W1571573079 magId "1571573079" @default.
• W1571573079 workType "article" @default.