Anomaly Detection in Dynamic Execution Environments
Hajime (Jim) Inoue (University of New Mexico, USA)
ABSTRACT
Behavior-based anomaly detection is recognized as an effective way of
dealing with novel security exploits. The goal is to eliminate all
but known "good" operations by only allowing behavior described in
a profile generated by training. I describe several related approaches
to anomaly detection in what I call "Dynamic Execution Environments". These
are platforms such as Java or .NET, which include garbage collection,
just-in-time compilation, performance profiling, and a large standard
library. These environments give an anomaly detection system access
to far more information than is available to kernel or other OS-based
systems, and allow for application-specific and sub-application-specific
systems without encoding domain-specific information.
BIOGRAPHY
Hajime Inoue is a Ph.D. candidate at the University of New Mexico
under the supervision of Stephanie Forrest. He received his Bachelor's
in Biophysics from the University of Michigan.