Table of Contents
Synthesizing �Fast Intrusion Prevention/Detection Systems from High-Level Specifications
The Problem
Attack Model
Our Approach
Our Approach (Contd.)
Key Problems
Pattern Language�Regular Expressions over Events (REE)
Response Language
Example Specifications
Example Specifications�Case Study: FTP Server
Development of FTP Specification
Efficient Run-time Monitoring
Approach to Fast REE Matching
EFSA Construction
EFSA Construction: Example
EFSA Construction: Example
Performance �System call interception overhead
Performance �Pattern-matching time
Performance �Size of EFSA
Related Work
Key Benefits of Our Approach
|