Mature signature-based intrusion detection technology has been the first line of defense in cyberspace. However, because of the perpetual cat-and-mouse game and the asymmetric nature of cybersecurity, high-risk assets susceptible to advanced persistent threats need to be equipped with proactive defense mechanisms that go beyond conventional reactive signature-based scanning. A more sophisticated cyber-defense technique is program anomaly detection, which builds models representing the properties of normal program executions and detects deviations from that behavior during execution. The advantage of anomaly detection techniques is their potential to detect new attacks. However, existing demonstrations are limited to lab environments, and multiple challenges need to be addressed before such tools can be widely deployed in production systems.
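To make the "model of normal execution, then flag deviations" idea concrete, here is a small added illustration (not the webinar's or the speaker's own method): a sequence-model detector that learns which short windows (n-grams) of system calls occur in normal traces and scores a new trace by the share of windows never seen in training. The traces, the window length and the threshold are constructed for this example.

```python
"""Toy program anomaly detector: learn the syscall n-grams of normal executions,
then flag traces whose windows were never seen during training."""

N = 3  # window length; a constructed choice for this illustration


def ngrams(trace, n=N):
    """Sliding windows of length n over a syscall trace (empty if too short)."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def train(normal_traces, n=N):
    """The model of normal behaviour is simply the set of n-grams observed."""
    model = set()
    for trace in normal_traces:
        model.update(ngrams(trace, n))
    return model


def score(model, trace, n=N):
    """Return (fraction of unseen windows, the unseen windows) for triage."""
    grams = ngrams(trace, n)
    if not grams:
        return 0.0, []
    unseen = [g for g in grams if g not in model]
    return len(unseen) / len(grams), unseen


def is_anomalous(model, trace, threshold=0.2, n=N):
    """Flag a trace when too many of its windows deviate from the model."""
    return score(model, trace, n)[0] > threshold


# Constructed traces of a file-serving request loop (normal executions only).
NORMAL = [
    ["accept", "read", "open", "read", "write", "close", "write"],
    ["accept", "read", "open", "read", "read", "write", "close", "write"],
    ["accept", "read", "write"],
]
# Constructed deviation: only syscalls the program legitimately makes, but in
# an order the normal loop never produces, so a byte-pattern signature has
# nothing to match while the sequence model still sees the deviation.
SUSPECT = ["accept", "read", "write", "open", "write", "read", "close"]

if __name__ == "__main__":
    model = train(NORMAL)
    for name, trace in [("normal", NORMAL[1]), ("suspect", SUSPECT)]:
        frac, unseen = score(model, trace)
        print(f"{name}: {frac:.2f} unseen, flagged={is_anomalous(model, trace)}")
```

The model's weakness is also visible here: any benign path absent from the training traces produces unseen windows and hence a false positive, which is why training coverage and threshold calibration dominate deployment outside the lab.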
This webinar highlights recent success in demonstrating substantial improvements in detection accuracy under control-flow and data-oriented attacks in Linux, including malicious code reuse, security bypass, and service abuse. The webinar also describes exciting future research directions: hardware-assisted fast tracing, anomaly detection as a service, supporting domain experts in inter-disciplinary anomaly discovery, and standardizing evaluation.
Slides are now available here: Yao-CSIAC-May-2017.pdf