Conference papers

Compacting Security Signatures for PIGA IDS

Pascal Berthomé 1 Jérémy Briffaut 1 Pierre Clairet 1
1 SDS - Sécurité des Données et des Systèmes
LIFO - Laboratoire d'Informatique Fondamentale d'Orléans
Abstract : PIGA (Policy Interaction Graph Analysis) is a tool that detects malicious process behaviours by analysing operating system activities. This tool uses signatures that represent illegal activities of some malicious user. These signatures are generated from a graph that models the operations performed at the operating system (OS) level. For usual security properties, the number of signatures is large and they are stored in memory during the detection process. In this paper, we present a way to reduce the memory required to store the signatures while preserving their quality. The methodology is derived from the modular decomposition of graphs. We investigate the impact of such an approach for the confidentiality property. The efficiency of the methodology is evaluated on interaction graphs of real operating systems. The number of signatures is divided by 20 for the tested confidentiality property.

https://hal.archives-ouvertes.fr/hal-00770935
Contributor : Pascal Berthomé
Submitted on : Monday, January 7, 2013 - 4:49:52 PM
Last modification on : Thursday, December 16, 2021 - 9:22:02 AM

Identifiers

  • HAL Id : hal-00770935, version 1

Citation

Pascal Berthomé, Jérémy Briffaut, Pierre Clairet. Compacting Security Signatures for PIGA IDS. SECURWARE-2012, Aug 2012, Rome, Italy. pp.126--133. ⟨hal-00770935⟩