On the Deployment of Dynamic Taint Analysis for Application Communities
Summary :
Although software-attack detection via dynamic taint analysis (DTA) supports high coverage of program execution, it prohibitively degrades the performance of the monitored program. This letter explores the possibility of collaborative dynamic taint analysis among members of an application community (AC): instead of full monitoring for every request at every instance of the AC, each member uses DTA for some fraction of the incoming requests, thereby loosening the burden of heavyweight monitoring. Our experimental results using a test AC based on the Apache web server show that speedy detection of worm outbreaks is feasible with application communities of medium size (i.e., 250-500).
- Publication
- IEICE TRANSACTIONS on Information Vol.E92-D No.3 pp.548-551
- Publication Date
- 2009/03/01
- Publicized
- Online ISSN
- 1745-1361
- DOI
- 10.1587/transinf.E92.D.548
- Type of Manuscript
- LETTER
- Category
- Application Information Security
Authors
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
Hyung Chan KIM, Angelos KEROMYTIS, "On the Deployment of Dynamic Taint Analysis for Application Communities" in IEICE TRANSACTIONS on Information,
vol. E92-D, no. 3, pp. 548-551, March 2009, doi: 10.1587/transinf.E92.D.548.
Abstract: Although software-attack detection via dynamic taint analysis (DTA) supports high coverage of program execution, it prohibitively degrades the performance of the monitored program. This letter explores the possibility of collaborative dynamic taint analysis among members of an application community (AC): instead of full monitoring for every request at every instance of the AC, each member uses DTA for some fraction of the incoming requests, thereby loosening the burden of heavyweight monitoring. Our experimental results using a test AC based on the Apache web server show that speedy detection of worm outbreaks is feasible with application communities of medium size (i.e., 250-500).
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.E92.D.548/_p
Copy
@ARTICLE{e92-d_3_548,
author={Hyung Chan KIM, Angelos KEROMYTIS, },
journal={IEICE TRANSACTIONS on Information},
title={On the Deployment of Dynamic Taint Analysis for Application Communities},
year={2009},
volume={E92-D},
number={3},
pages={548-551},
abstract={Although software-attack detection via dynamic taint analysis (DTA) supports high coverage of program execution, it prohibitively degrades the performance of the monitored program. This letter explores the possibility of collaborative dynamic taint analysis among members of an application community (AC): instead of full monitoring for every request at every instance of the AC, each member uses DTA for some fraction of the incoming requests, thereby loosening the burden of heavyweight monitoring. Our experimental results using a test AC based on the Apache web server show that speedy detection of worm outbreaks is feasible with application communities of medium size (i.e., 250-500).},
keywords={},
doi={10.1587/transinf.E92.D.548},
ISSN={1745-1361},
month={March},}
Copy
TY - JOUR
TI - On the Deployment of Dynamic Taint Analysis for Application Communities
T2 - IEICE TRANSACTIONS on Information
SP - 548
EP - 551
AU - Hyung Chan KIM
AU - Angelos KEROMYTIS
PY - 2009
DO - 10.1587/transinf.E92.D.548
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E92-D
IS - 3
JA - IEICE TRANSACTIONS on Information
Y1 - March 2009
AB - Although software-attack detection via dynamic taint analysis (DTA) supports high coverage of program execution, it prohibitively degrades the performance of the monitored program. This letter explores the possibility of collaborative dynamic taint analysis among members of an application community (AC): instead of full monitoring for every request at every instance of the AC, each member uses DTA for some fraction of the incoming requests, thereby loosening the burden of heavyweight monitoring. Our experimental results using a test AC based on the Apache web server show that speedy detection of worm outbreaks is feasible with application communities of medium size (i.e., 250-500).
ER -
English
