Pervasive Micro Information Flow Tracking

Sanoop Mallissery, Kun Yi Chiang, Chun An Bau, Yu Sung Wu

Research output: Contribution to journal › Article › peer-review

1 Scopus citations

Abstract

Detection of advanced security attacks that exploit zero-day vulnerabilities or application-specific logic loopholes has been challenging due to the lack of attack signatures or substantial deviations in the overall system behavior. One has to zoom in to the affected code regions and look for local anomalies distinguishable from the benign workload to detect such attacks. We propose pervasive micro information flow tracking (PERMIT) that realizes variable-level online dynamic information flow tracking (DIFT) as a means to detect the attacks. The system uses hardware virtualization extension to monitor access to taint source variables and performs asynchronous code emulation to infer the local information flow. We demonstrate that the pervasive micro information flow can sufficiently capture the attacks and incurs only a small overhead. Given the program source code, the system can further enrich the semantics of micro information flow by embedding the variable names. We have integrated the system with machine learning algorithms to demonstrate the effectiveness of anomaly detection for zero-day attacks with pervasive micro information flow.

Original language: English
Pages (from-to): 1-18
Number of pages: 18
Journal: IEEE Transactions on Dependable and Secure Computing
State: Accepted/In press - 2023

Keywords

  • Anomaly detection
  • Codes
  • dynamic information flow tracking
  • Emulation
  • Malware
  • online taint analysis
  • production system
  • Security
  • Source coding
  • Target tracking
  • zero-day attacks
