Detection of Sophisticated Network Enabled Threats via a Novel Micro-Proxy Architecture
ABSTRACT
With the increasing use of novel exploitation
techniques in modern malicious software, it can be argued that current intrusion
detection and intrusion prevention systems are failing to keep pace. While some
intrusion prevention systems have the capability to detect evasion techniques,
they all fail to detect novel unknown exploitation techniques. Traditional
proxy approaches have failed to protect the universe of discourse that a
network enabled service can be engaged in, as they view all information flows of
the same type in a uniform manner. In this paper we propose a micro-proxy
architecture that utilizes reverse engineering techniques to identify a valid
universe of discourse for a network service. This valid universe of discourse
is then applied to validate legitimate transactions to a service. Thus, in
effect, the micro-proxy implements a default-deny
policy via the analysis of the application-level discourse.
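The default-deny idea in the abstract can be sketched as follows. This is an added example, not code from the paper: the line-based protocol, the `DISCOURSE` table and the function names are hypothetical, and the model is written by hand here rather than recovered by reverse engineering.

```python
import re

# Constructed "valid universe of discourse" for a hypothetical line-based
# service: for each session state, the only message shapes allowed there and
# the state each one leads to. Anything not listed is denied.
DISCOURSE = {
    "START": [(re.compile(r"HELLO [a-z0-9.-]{1,64}"), "GREETED")],
    "GREETED": [(re.compile(r"AUTH [A-Za-z0-9]{1,32}"), "AUTHED"),
                (re.compile(r"QUIT"), "END")],
    "AUTHED": [(re.compile(r"GET /[A-Za-z0-9/_.-]{0,128}"), "AUTHED"),
               (re.compile(r"QUIT"), "END")],
}
MAX_LINE = 256  # assumed upper bound on any legitimate message


def step(state, line):
    """Return the next state, or None if the message is outside the discourse."""
    if len(line) > MAX_LINE:
        return None
    for pattern, next_state in DISCOURSE.get(state, []):
        if pattern.fullmatch(line):  # whole message must match, no trailing data
            return next_state
    return None  # default deny: unknown message, or valid message in wrong state


def validate_session(lines):
    """Return (allowed, index of first rejected message or None)."""
    state = "START"
    for index, line in enumerate(lines):
        state = step(state, line)
        if state is None:
            return False, index
    return True, None


if __name__ == "__main__":
    # Constructed sample sessions.
    sessions = {
        "normal": ["HELLO client1.example", "AUTH token123", "GET /index.html", "QUIT"],
        "out of order": ["HELLO client1.example", "GET /index.html"],
        "unknown verb": ["HELLO client1.example", "AUTH token123", "DEBUG dump"],
    }
    for name, lines in sessions.items():
        print(name, validate_session(lines))
```

The second session shows the contrast with a uniform per-type filter: `GET /index.html` is well-formed but is rejected because it arrives before authentication.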
Blyth, A. (2014) Detection of Sophisticated Network Enabled Threats via a Novel Micro-Proxy Architecture. Journal of Information Security, 5, 37-45. doi: 10.4236/jis.2014.52004.