DATA-PROVENANCE VERIFICATION FOR SECURE HOSTS

Network- or host-based signature scanning approaches alone have proven inadequate against new and emerging malware. We view malicious bots, and malware in general, as entities that stealthily reside on a human user's computer and interact with the user's computing resources. In this work we aim to improve the trustworthiness of a host and its system data. Specifically, we provide a new mechanism that ensures the correct origin, or provenance, of critical system information and prevents adversaries from utilizing host resources. We define data-provenance integrity as the security property that the source where a piece of data is generated cannot be spoofed or tampered with. We describe a cryptographic provenance verification approach for ensuring system properties and system-data integrity at the kernel level. Two concrete applications are demonstrated: keystroke integrity verification and malicious traffic detection. First, we design and implement an efficient cryptographic protocol that prevents malware from forging fake key events under reasonable assumptions. Then, we demonstrate our provenance verification approach by realizing a lightweight framework for restricting outbound malware traffic. We propose a malware detection approach based on the characteristic behaviors of human users: we explore human-malware differences and classify them, using support vector machine (SVM) models, to aid the detection of infected hosts. The server collects the keystrokes of a particular client, classifies them with the SVM models, and then verifies the data provenance of the secure host. Existing cryptographic provenance verification by itself cannot detect malware on, or establish the trustworthiness of, a client's own machine; with the classification models, the server can readily determine the client's trustworthiness.
There are two main challenges in this proposed work: how to select characteristic behavioral features for classification, and how to prevent malware forgeries.
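As an added illustration (not the paper's own protocol, whose details the abstract does not give), the following Python sketch shows the shape of the keystroke-provenance check: a trusted kernel-side component attaches an HMAC tag to each hardware key event under a key that user-space malware is assumed not to hold, the verifier rejects forged or replayed events, and only verified events feed the timing features a classifier would consume. The key, the event stream, and the HMAC-plus-counter construction are assumptions of this example.

```python
import hmac, hashlib, struct
from dataclasses import dataclass

# Constructed key; assumed to be held only by the trusted kernel component and the verifier.
PROVENANCE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

@dataclass(frozen=True)
class KeyEvent:
    seq: int        # per-session counter, must be strictly increasing (anti-replay)
    ts_ms: int      # event timestamp in milliseconds
    keycode: int
    tag: bytes      # HMAC-SHA256 over (seq, ts_ms, keycode)

def _encode(seq: int, ts_ms: int, keycode: int) -> bytes:
    return struct.pack(">QQH", seq, ts_ms, keycode)

def tag_event(key: bytes, seq: int, ts_ms: int, keycode: int) -> KeyEvent:
    """Trusted keyboard-driver side: attach a provenance tag to a hardware key event."""
    mac = hmac.new(key, _encode(seq, ts_ms, keycode), hashlib.sha256).digest()
    return KeyEvent(seq, ts_ms, keycode, mac)

def verify_events(key: bytes, events: list) -> tuple:
    """Verifier side: keep only events whose tag is valid and whose counter is fresh."""
    accepted, rejected, last_seq = [], [], -1
    for ev in events:
        expected = hmac.new(key, _encode(ev.seq, ev.ts_ms, ev.keycode), hashlib.sha256).digest()
        if hmac.compare_digest(expected, ev.tag) and ev.seq > last_seq:
            accepted.append(ev)
            last_seq = ev.seq
        else:
            rejected.append(ev)
    return accepted, rejected

def timing_features(events: list) -> list:
    """Inter-keystroke intervals (ms) of verified events, the kind of feature an SVM would use."""
    return [b.ts_ms - a.ts_ms for a, b in zip(events, events[1:])]

def demo() -> dict:
    # Constructed stream: three genuine events, one replay of the second, one forged without the key.
    genuine = [tag_event(PROVENANCE_KEY, i, 1000 + 120 * i, 0x41 + i) for i in range(3)]
    replayed = genuine[1]
    forged = KeyEvent(seq=3, ts_ms=1500, keycode=0x0D, tag=bytes(32))
    accepted, rejected = verify_events(PROVENANCE_KEY, genuine + [replayed, forged])
    return {"accepted": len(accepted), "rejected": len(rejected),
            "intervals": timing_features(accepted)}

if __name__ == "__main__":
    print(demo())
```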
