Community epidemic detection using time-correlated anomalies


Abstract

An epidemic is malicious code running on a subset of a community, where a community is a homogeneous set of instances of an application. Syzygy is an epidemic detection framework that looks for time-correlated anomalies, i.e., divergence from a model of dynamic behavior occurring across many instances at the same time. We show mathematically and experimentally that, by leveraging the statistical properties of a large community, Syzygy is able to detect epidemics even under adverse conditions, such as when an exploit employs both mimicry and polymorphism. This work provides a mathematical basis for Syzygy, describes our particular implementation, and tests the approach with a variety of exploits and on commodity server and desktop applications to demonstrate its effectiveness. © 2010 Springer-Verlag.
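The statistical argument in the abstract (a deviation too small to flag on any one instance becomes detectable when it appears on many instances at once) can be shown with a small simulation. The following is an added example, not Syzygy's own code and not the paper's model: it assumes each instance emits a per-step anomaly score that is N(0,1) under benign behavior, models mimicry as a small constant shift on the infected instances from a chosen onset step, and contrasts a per-instance threshold with a community-level z-test on the mean score. All constants (N_INSTANCES, ONSET, INFECTED, SHIFT, thresholds) and the data are constructed for the illustration.

```python
"""Community-wide detection of time-correlated anomalies.

Added illustration (not the Syzygy implementation). Every instance in a
community reports a per-step anomaly score; a small, simultaneous shift on
many instances is invisible per instance but visible in the community mean,
because the mean of n independent scores has standard deviation sigma/sqrt(n).
"""
import math
import random
import statistics

# Constructed scenario parameters (assumptions, not values from the paper).
N_INSTANCES = 400
STEPS = 100
ONSET = 50                    # step at which the epidemic starts
INFECTED = 200                # instances that run the malicious code
SHIFT = 0.7                   # mimicry: infected scores move only slightly
TRAIN_STEPS = 30              # benign window used to fit the baseline
PER_INSTANCE_THRESHOLD = 3.0  # 3-sigma rule applied to one instance
COMMUNITY_Z = 4.5             # z threshold on the community mean


def simulate_scores(seed=12345):
    """Return scores[t][i]: anomaly score of instance i at time step t.

    Constructed data: benign divergence from the behavior model is N(0, 1);
    infected instances gain the same small shift from ONSET onward, which is
    what makes the anomaly time-correlated across the community.
    """
    rng = random.Random(seed)
    scores = []
    for t in range(STEPS):
        row = []
        for i in range(N_INSTANCES):
            s = rng.gauss(0.0, 1.0)
            if t >= ONSET and i < INFECTED:
                s += SHIFT
            row.append(s)
        scores.append(row)
    return scores


def per_instance_alarm_rate(scores, start, end, threshold=PER_INSTANCE_THRESHOLD):
    """Fraction of (instance, step) pairs in [start, end) above the threshold.

    With SHIFT well below the threshold, infected instances fire only a little
    more often than the benign false-positive rate, so these alarms cannot be
    acted on individually.
    """
    hits = sum(1 for t in range(start, end) for s in scores[t] if s > threshold)
    return hits / ((end - start) * N_INSTANCES)


def community_alarms(scores, train_steps=TRAIN_STEPS, z_threshold=COMMUNITY_Z):
    """Return the steps at which the community mean score is anomalous.

    The baseline mean of the per-step community mean and the per-instance
    standard deviation are fitted on the benign training window; the standard
    deviation of the mean is then sigma / sqrt(n).
    """
    means = [statistics.fmean(row) for row in scores]
    mu0 = statistics.fmean(means[:train_steps])
    train_samples = [s for t in range(train_steps) for s in scores[t]]
    sigma_mean = statistics.pstdev(train_samples) / math.sqrt(N_INSTANCES)
    return [t for t, m in enumerate(means) if (m - mu0) / sigma_mean > z_threshold]


if __name__ == "__main__":
    data = simulate_scores()
    print("per-instance alarm rate before onset:",
          round(per_instance_alarm_rate(data, 0, ONSET), 4))
    print("per-instance alarm rate after onset: ",
          round(per_instance_alarm_rate(data, ONSET, STEPS), 4))
    alarms = community_alarms(data)
    print("community alarms at steps:", alarms[:5], "... first =", alarms[0])
```

The per-instance detector sees both rates at well under one percent, indistinguishable from background false positives, while the community detector raises its first alarm at (or within a step or two of) ONSET, because a shift of 0.7 on half the community moves the mean by 0.35, about seven standard deviations of the mean for 400 instances. Polymorphism is not modeled here: a behavior-based score is already indifferent to the exploit's byte-level form, which is the property the abstract relies on.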


Citation (APA)

Oliner, A. J., Kulkarni, A. V., & Aiken, A. (2010). Community epidemic detection using time-correlated anomalies. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6307 LNCS, pp. 360–381). Springer Verlag. https://doi.org/10.1007/978-3-642-15512-3_19
