Automated intrusion prevention and self-healing software are active areas of security systems research. A major hurdle for the widespread deployment of these systems is that many system administrators lack confidence in the quality of the generated fixes. Thus, a key requirement for future self-healing software is that each automatically-generated fix must be validated before deployment. Under the response rates required by self-healing systems, we believe such verification must proceed automatically. We call this process Automatic Repair Validation (ARV). We describe the design and implementation of Bloodhound, a system that tags and tracks information between the kernel and the application and correlates symptoms of exploits (such as memory errors) with high-level data (e.g., network flows). By doing so, Bloodhound can replay the flows that triggered the repair process against the newly healed application to help show that the repair is accurate (i.e., it defeats the exploit). We show through experimentation a performance impact of as little as 2.6%. © 2008 Springer Berlin Heidelberg.
CITATION STYLE
Locasto, M. E., Burnside, M., & Keromytis, A. D. (2008). Online network forensics for automatic repair validation. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5312 LNCS, pp. 136–151). Springer Verlag. https://doi.org/10.1007/978-3-540-89598-5_9
Mendeley helps you to discover research relevant for your work.