TY - GEN
T1 - Putting trojans on the horns of a dilemma
T2 - Redundancy for information theft detection
AU - Crandall, Jedidiah R.
AU - Brevik, John
AU - Ye, Shaozhi
AU - Wassermann, Gary
AU - De Oliveira, Daniela A.S.
AU - Su, Zhendong
AU - Wu, S. Felix
AU - Chong, Frederic T.
N1 - Copyright:
Copyright 2012 Elsevier B.V., All rights reserved.
PY - 2009
Y1 - 2009
N2 - Conventional approaches to either information flow security or intrusion detection are not suited to detecting Trojans that steal information such as credit card numbers using advanced cryptovirological and inference channel techniques. We propose a technique based on repeated deterministic replays in a virtual machine to detect the theft of private information. We prove upper bounds on the average amount of information an attacker can steal without being detected, even if they are allowed an arbitrary distribution of visible output states. Our intrusion detection approach is more practical than traditional approaches to information flow security. We show that it is possible to, for example, bound the average amount of information an attacker can steal from a 53-bit credit card number to less than a bit by sampling only 11 of the 2^53 possible outputs visible to the attacker, using a two-pronged approach of hypothesis testing and information theory.
AB - Conventional approaches to either information flow security or intrusion detection are not suited to detecting Trojans that steal information such as credit card numbers using advanced cryptovirological and inference channel techniques. We propose a technique based on repeated deterministic replays in a virtual machine to detect the theft of private information. We prove upper bounds on the average amount of information an attacker can steal without being detected, even if they are allowed an arbitrary distribution of visible output states. Our intrusion detection approach is more practical than traditional approaches to information flow security. We show that it is possible to, for example, bound the average amount of information an attacker can steal from a 53-bit credit card number to less than a bit by sampling only 11 of the 2^53 possible outputs visible to the attacker, using a two-pronged approach of hypothesis testing and information theory.
KW - Information Theft Detection
KW - Information Theory
KW - Intrusion Detection
KW - Malware Analysis
UR - http://www.scopus.com/inward/record.url?scp=67650311362&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=67650311362&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-01004-0_14
DO - 10.1007/978-3-642-01004-0_14
M3 - Conference contribution
AN - SCOPUS:67650311362
SN - 3642010032
SN - 9783642010033
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 244
EP - 262
BT - Transactions on Computational Science IV
ER -