Putting trojans on the horns of a dilemma: Redundancy for information theft detection

Jedidiah R. Crandall, John Brevik, Shaozhi Ye, Gary Wassermann, Daniela A.S. De Oliveira, Zhendong Su, S. Felix Wu, Frederic T. Chong

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations

Abstract

Conventional approaches to either information flow security or intrusion detection are not suited to detecting Trojans that steal information such as credit card numbers using adVanced cryptovirological and inference channel techniques. We propose a technique based on repeated deterministic replays in a virtual machine to detect the theft of private information. We prove upper bounds on the average amount of information an attacker can steal without being detected, even if they are allowed an arbitrary distribution of visible output states. Our intrusion detection approach is more practical than traditional approaches to information flow security. We show that it is possible to, for example, bound the average amount of information an attacker can steal from a 53-bit credit card number to less than a bit by sampling only 11 of the 253 possible outputs visible to the attacker, using a two-pronged approach of hypothesis testing and information theory.

Original languageEnglish (US)
Title of host publicationTransactions on Computational Science IV
Subtitle of host publicationSpecial Issue on Security in Computing
Pages244-262
Number of pages19
DOIs
StatePublished - 2009

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume5430 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Keywords

  • Information Theft Detection
  • Information Theory
  • Intrusion Detection
  • Malware Analysis

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'Putting trojans on the horns of a dilemma: Redundancy for information theft detection'. Together they form a unique fingerprint.

Cite this