Skip to Main content Skip to Navigation
Conference papers

Adaptable Intrusion Detection Systems Dedicated to Concurrent Programs: a Petri Net-Based Approach

Jean-Baptiste Voron 1 Clément Démoulins 1 Fabrice Kordon 1
1 MoVe - Modélisation et Vérification
LIP6 - Laboratoire d'Informatique de Paris 6
Abstract : Intrusion detection systems (IDS) are one way to tackle the increasing number of attacks that exploit software vulnerabilities. However, the construction of such a security system is a delicate process involving: (i) the acquisition of the monitored program behavior and its storage in a compact way, (ii) the generation of a monitor detecting deviances in the program behavior. These problems are emphasized when dealing with complex or parallel programs. This paper presents a new approach to automatically generate a dedicated and customized IDS from C sources targeting multi-threaded programs. We use Petri Nets to benefit from a formal description able to compactly describe parallel behaviors. Obtained models can then be enhanced with extra requirements such as resources usage limits or temporal execution bounds by means of observers. We illustrate the benefits of our approach on a recent class of attacks targeting web servers.
Document type :
Conference papers
Complete list of metadatas

https://hal.archives-ouvertes.fr/hal-01292568
Contributor : Lip6 Publications <>
Submitted on : Wednesday, March 23, 2016 - 1:55:05 PM
Last modification on : Thursday, March 21, 2019 - 1:04:06 PM

Identifiers

Citation

Jean-Baptiste Voron, Clément Démoulins, Fabrice Kordon. Adaptable Intrusion Detection Systems Dedicated to Concurrent Programs: a Petri Net-Based Approach. 10th International Conference on Application of Concurrency to System Design (ACSD'2010), Jun 2010, Braga, Portugal. pp.57-66, ⟨10.1109/ACSD.2010.32⟩. ⟨hal-01292568⟩

Share

Metrics

Record views

88