Putting trojans on the horns of a dilemma: Redundancy for information theft detection

Jedidiah R. Crandall; John Brevik; Shaozhi Ye; Gary Wassermann; Daniela A.S. De Oliveira; Zhendong Su; S. Felix Wu; Frederic T. Chong

doi:10.1007/978-3-642-01004-0_14

Putting trojans on the horns of a dilemma: Redundancy for information theft detection

Jedidiah R. Crandall, John Brevik, Shaozhi Ye, Gary Wassermann, Daniela A.S. De Oliveira, Zhendong Su, S. Felix Wu, Frederic T. Chong

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Scopus citations

Abstract

Conventional approaches to either information flow security or intrusion detection are not suited to detecting Trojans that steal information such as credit card numbers using adVanced cryptovirological and inference channel techniques. We propose a technique based on repeated deterministic replays in a virtual machine to detect the theft of private information. We prove upper bounds on the average amount of information an attacker can steal without being detected, even if they are allowed an arbitrary distribution of visible output states. Our intrusion detection approach is more practical than traditional approaches to information flow security. We show that it is possible to, for example, bound the average amount of information an attacker can steal from a 53-bit credit card number to less than a bit by sampling only 11 of the 253 possible outputs visible to the attacker, using a two-pronged approach of hypothesis testing and information theory.

Original language	English (US)
Title of host publication	Transactions on Computational Science IV
Subtitle of host publication	Special Issue on Security in Computing
Pages	244-262
Number of pages	19
DOIs	https://doi.org/10.1007/978-3-642-01004-0_14
State	Published - 2009
Externally published	Yes

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	5430 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Keywords

Information Theft Detection
Information Theory
Intrusion Detection
Malware Analysis

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-642-01004-0_14

Cite this

Crandall, J. R., Brevik, J., Ye, S., Wassermann, G., De Oliveira, D. A. S., Su, Z., Wu, S. F., & Chong, F. T. (2009). Putting trojans on the horns of a dilemma: Redundancy for information theft detection. In Transactions on Computational Science IV: Special Issue on Security in Computing (pp. 244-262). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5430 LNCS). https://doi.org/10.1007/978-3-642-01004-0_14

Putting trojans on the horns of a dilemma: Redundancy for information theft detection. / Crandall, Jedidiah R.; Brevik, John; Ye, Shaozhi et al.
Transactions on Computational Science IV: Special Issue on Security in Computing. 2009. p. 244-262 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5430 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Crandall, JR, Brevik, J, Ye, S, Wassermann, G, De Oliveira, DAS, Su, Z, Wu, SF & Chong, FT 2009, Putting trojans on the horns of a dilemma: Redundancy for information theft detection. in Transactions on Computational Science IV: Special Issue on Security in Computing. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 5430 LNCS, pp. 244-262. https://doi.org/10.1007/978-3-642-01004-0_14

Crandall JR, Brevik J, Ye S, Wassermann G, De Oliveira DAS, Su Z et al. Putting trojans on the horns of a dilemma: Redundancy for information theft detection. In Transactions on Computational Science IV: Special Issue on Security in Computing. 2009. p. 244-262. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-01004-0_14

Crandall, Jedidiah R. ; Brevik, John ; Ye, Shaozhi et al. / Putting trojans on the horns of a dilemma : Redundancy for information theft detection. Transactions on Computational Science IV: Special Issue on Security in Computing. 2009. pp. 244-262 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{8c766fcf78404e3fa958da66ceec5f0a,

title = "Putting trojans on the horns of a dilemma: Redundancy for information theft detection",

abstract = "Conventional approaches to either information flow security or intrusion detection are not suited to detecting Trojans that steal information such as credit card numbers using adVanced cryptovirological and inference channel techniques. We propose a technique based on repeated deterministic replays in a virtual machine to detect the theft of private information. We prove upper bounds on the average amount of information an attacker can steal without being detected, even if they are allowed an arbitrary distribution of visible output states. Our intrusion detection approach is more practical than traditional approaches to information flow security. We show that it is possible to, for example, bound the average amount of information an attacker can steal from a 53-bit credit card number to less than a bit by sampling only 11 of the 253 possible outputs visible to the attacker, using a two-pronged approach of hypothesis testing and information theory.",

keywords = "Information Theft Detection, Information Theory, Intrusion Detection, Malware Analysis",

author = "Crandall, {Jedidiah R.} and John Brevik and Shaozhi Ye and Gary Wassermann and {De Oliveira}, {Daniela A.S.} and Zhendong Su and Wu, {S. Felix} and Chong, {Frederic T.}",

year = "2009",

doi = "10.1007/978-3-642-01004-0_14",

language = "English (US)",

isbn = "3642010032",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "244--262",

booktitle = "Transactions on Computational Science IV",

}

TY - GEN

T1 - Putting trojans on the horns of a dilemma

T2 - Redundancy for information theft detection

AU - Crandall, Jedidiah R.

AU - Brevik, John

AU - Ye, Shaozhi

AU - Wassermann, Gary

AU - De Oliveira, Daniela A.S.

AU - Su, Zhendong

AU - Wu, S. Felix

AU - Chong, Frederic T.

PY - 2009

Y1 - 2009

N2 - Conventional approaches to either information flow security or intrusion detection are not suited to detecting Trojans that steal information such as credit card numbers using adVanced cryptovirological and inference channel techniques. We propose a technique based on repeated deterministic replays in a virtual machine to detect the theft of private information. We prove upper bounds on the average amount of information an attacker can steal without being detected, even if they are allowed an arbitrary distribution of visible output states. Our intrusion detection approach is more practical than traditional approaches to information flow security. We show that it is possible to, for example, bound the average amount of information an attacker can steal from a 53-bit credit card number to less than a bit by sampling only 11 of the 253 possible outputs visible to the attacker, using a two-pronged approach of hypothesis testing and information theory.

AB - Conventional approaches to either information flow security or intrusion detection are not suited to detecting Trojans that steal information such as credit card numbers using adVanced cryptovirological and inference channel techniques. We propose a technique based on repeated deterministic replays in a virtual machine to detect the theft of private information. We prove upper bounds on the average amount of information an attacker can steal without being detected, even if they are allowed an arbitrary distribution of visible output states. Our intrusion detection approach is more practical than traditional approaches to information flow security. We show that it is possible to, for example, bound the average amount of information an attacker can steal from a 53-bit credit card number to less than a bit by sampling only 11 of the 253 possible outputs visible to the attacker, using a two-pronged approach of hypothesis testing and information theory.

KW - Information Theft Detection

KW - Information Theory

KW - Intrusion Detection

KW - Malware Analysis

UR - http://www.scopus.com/inward/record.url?scp=67650311362&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=67650311362&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-01004-0_14

DO - 10.1007/978-3-642-01004-0_14

M3 - Conference contribution

AN - SCOPUS:67650311362

SN - 3642010032

SN - 9783642010033

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 244

EP - 262

BT - Transactions on Computational Science IV

ER -

Putting trojans on the horns of a dilemma: Redundancy for information theft detection

Abstract

Publication series

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this