Anomaly Detection in Dynamic Execution Environments

Hajime (Jim) Inoue (University of New Mexico, USA)


ABSTRACT

Behavior-based anomaly detection is recognized as an effective way of dealing with novel security exploits. The goal is to eliminate all but known "good" operations by allowing only behavior described in a profile generated by training. I describe several related approaches to anomaly detection in what I call "Dynamic Execution Environments". These are platforms like Java or .NET, which include garbage collection, just-in-time compilation, performance profiling, and a large standard library. These environments give an anomaly detection system access to far more information than kernel or other OS-based systems have, and they allow for application-specific and sub-application-specific systems without encoding domain-specific information.

BIOGRAPHY

Hajime Inoue is a Ph.D. candidate at the University of New Mexico under the supervision of Stephanie Forrest. He received his Bachelor's in Biophysics from the University of Michigan.