Search Results

Documents authored by Neuhaus, Stephan


Document
Isolating Intrusions by Automatic Experiments

Authors: Stephan Neuhaus

Published in: OASIcs, Volume 3, Workshop on Trustworthy Software (2006)


Abstract
When dealing with malware infections, one of the first tasks is to find the processes that were involved in the attack. We introduce Malfor, a system that isolates those processes automatically. In contrast to other methods that help analyze attacks, Malfor works by experiments: first, we record the interaction of the system under attack; after the intrusion has been detected, we replay the recorded events in slightly different configurations to see which processes were relevant for the intrusion. This approach has three advantages over deductive approaches: first, the processes that are thus found have been experimentally shown to be relevant for the attack; second, the amount of evidence that must then be analyzed to find the attack vector is greatly reduced; and third, Malfor itself cannot make wrong deductions. In a first experiment, Malfor was able to extract the three processes responsible for an attack from 32 candidates in about six minutes.

Cite as

Stephan Neuhaus. Isolating Intrusions by Automatic Experiments. In Workshop on Trustworthy Software. Open Access Series in Informatics (OASIcs), Volume 3, pp. 1-3, Schloss Dagstuhl - Leibniz-Zentrum für Informatik (2006)


Copy BibTex To Clipboard

@InProceedings{neuhaus:OASIcs.TrustworthySW.2006.696,
  author =	{Neuhaus, Stephan},
  title =	{{Isolating Intrusions by Automatic Experiments}},
  booktitle =	{Workshop on Trustworthy Software},
  pages =	{1--3},
  series =	{Open Access Series in Informatics (OASIcs)},
  ISBN =	{978-3-939897-02-6},
  ISSN =	{2190-6807},
  year =	{2006},
  volume =	{3},
  editor =	{Autexier, Serge and Merz, Stephan and van der Torre, Leon and Wilhelm, Reinhard and Wolper, Pierre},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/OASIcs.TrustworthySW.2006.696},
  URN =		{urn:nbn:de:0030-drops-6960},
  doi =		{10.4230/OASIcs.TrustworthySW.2006.696},
  annote =	{Keywords: Intrusion Analysis, Malware, Experimentation}
}
Questions / Remarks / Feedback
X

Feedback for Dagstuhl Publishing


Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail