TY - GEN
T1 - Ensemble
T2 - 5th International ICST Conference on Security and Privacy in Communication Networks, SecureComm 2009
AU - Qian, Feng
AU - Qian, Zhiyun
AU - Morley Mao, Z.
AU - Prakash, Atul
PY - 2009
Y1 - 2009
N2 - A major challenge in securing end-user systems is the risk of popular applications being hijacked at run-time. Traditional measures do not prevent such threats because the code itself is unmodified and local anomaly detectors are difficult to tune for correct thresholds due to insufficient training data. Given that the targets of attackers are often popular applications for communication and social networking, we propose Ensemble, a novel, automated approach based on a trusted community of users contributing system-call level local behavioral profiles of their applications to a global profile merging engine. The trust can be assumed in cases such as enterprise environments and can be further policed by reputation systems, e.g., by exploiting trust relationships inherently associated with social networks. The generated global profile can be used by all community users for local anomaly detection or prevention. Evaluation results based on a malware pool of 57 exploits demonstrate that Ensemble is an effective defense technique for communities of about 300 or more users as in enterprise environments.
AB - A major challenge in securing end-user systems is the risk of popular applications being hijacked at run-time. Traditional measures do not prevent such threats because the code itself is unmodified and local anomaly detectors are difficult to tune for correct thresholds due to insufficient training data. Given that the targets of attackers are often popular applications for communication and social networking, we propose Ensemble, a novel, automated approach based on a trusted community of users contributing system-call level local behavioral profiles of their applications to a global profile merging engine. The trust can be assumed in cases such as enterprise environments and can be further policed by reputation systems, e.g., by exploiting trust relationships inherently associated with social networks. The generated global profile can be used by all community users for local anomaly detection or prevention. Evaluation results based on a malware pool of 57 exploits demonstrate that Ensemble is an effective defense technique for communities of about 300 or more users as in enterprise environments.
UR - http://www.scopus.com/inward/record.url?scp=84885883648&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84885883648&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-05284-2_10
DO - 10.1007/978-3-642-05284-2_10
M3 - Conference contribution
AN - SCOPUS:84885883648
SN - 3642052835
SN - 9783642052835
T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering
SP - 163
EP - 184
BT - Security and Privacy in Communication Networks - 5th International ICST Conference, SecureComm 2009, Revised Selected Papers
Y2 - 14 September 2009 through 18 September 2009
ER -