TITLE:
Detection of Sophisticated Network Enabled Threats via a Novel Micro-Proxy Architecture
AUTHORS:
Andrew Blyth
KEYWORDS:
Network Security; Firewalls; Proxies and Intrusion Detection
JOURNAL NAME:
Journal of Information Security, Vol.5 No.2, March 12, 2014
ABSTRACT:
With the increasing use of novel exploitation techniques in modern malicious software, it can be argued that current intrusion detection and intrusion prevention systems are failing to keep pace. While some intrusion prevention systems have the capability to detect evasion techniques, they all fail to detect novel, unknown exploitation techniques. Traditional proxy approaches have failed to protect the universe of discourse that a network-enabled service can be engaged in, because they treat all information flows of the same type in a uniform manner. In this paper we propose a micro-proxy architecture that utilizes reverse engineering techniques to identify a valid universe of discourse for a network service. This valid universe of discourse is then applied to validate legitimate transactions to the service. Thus, in effect, the micro-proxy implements a default-deny policy via the analysis of the application-level discourse.
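To make the abstract's distinction concrete, the following is an added illustration written for this page; it is not code from the paper and does not reproduce the author's architecture. It assumes a hypothetical web service spoken to over HTTP request lines and a constructed sample of legitimate traffic. A traditional proxy accepts any syntactically valid request; the toy micro-proxy instead derives a model of the service's valid discourse (endpoints, parameter names and value classes) from the legitimate sample and denies every transaction that falls outside it, which is the default-deny behaviour the abstract describes.

```python
"""Toy micro-proxy: default-deny validation of a service's application-level discourse.
Added example for this page; the service, request lines and value classes are constructed."""
import re
from dataclasses import dataclass

# Syntactic shape of an HTTP/1.x request line: method, path, optional query.
REQUEST_LINE = re.compile(r"([A-Z]+) (/[^\s?]*)(?:\?(\S*))? HTTP/1\.[01]")


@dataclass(frozen=True)
class Transaction:
    method: str
    path: str
    params: tuple  # sorted (name, value) pairs


def parse_request_line(line: str) -> Transaction:
    """Purely syntactic parse: this is all a traditional, protocol-level proxy checks."""
    m = REQUEST_LINE.fullmatch(line.strip())
    if m is None:
        raise ValueError("not an HTTP request line: %r" % line)
    method, path, query = m.groups()
    params = []
    for pair in (query or "").split("&"):
        if pair:
            name, _, value = pair.partition("=")
            params.append((name, value))
    return Transaction(method, path, tuple(sorted(params)))


def traditional_proxy_accepts(line: str) -> bool:
    """A generic proxy forwards anything that is well-formed HTTP."""
    try:
        parse_request_line(line)
        return True
    except ValueError:
        return False


# Value classes from most to least specific; the learner assigns each parameter
# the first class that matches every value observed for it in legitimate traffic.
VALUE_CLASSES = [
    ("int", re.compile(r"[0-9]{1,10}")),
    ("token", re.compile(r"[A-Za-z0-9_-]{1,32}")),
]


class DiscourseModel:
    """The valid universe of discourse: endpoints, their parameters and value classes."""

    def __init__(self):
        self.endpoints = {}  # (method, path) -> {param name -> class name}

    @staticmethod
    def classify(values):
        for name, pattern in VALUE_CLASSES:
            if all(pattern.fullmatch(v) for v in values):
                return name
        return None

    def learn(self, samples):
        """Stand-in for the paper's reverse-engineering step: derive the model from known-good traffic."""
        observed = {}  # (method, path) -> {name -> [values]}
        for line in samples:
            t = parse_request_line(line)
            per_param = observed.setdefault((t.method, t.path), {})
            for name, value in t.params:
                per_param.setdefault(name, []).append(value)
        for endpoint, per_param in observed.items():
            spec = {}
            for name, values in per_param.items():
                cls = self.classify(values)
                if cls is None:
                    raise ValueError("no value class fits parameter %r" % name)
                spec[name] = cls
            self.endpoints[endpoint] = spec
        return self

    def validate(self, line: str):
        """Return (allowed, reason). Anything not covered by the model is denied."""
        try:
            t = parse_request_line(line)
        except ValueError as exc:
            return False, str(exc)
        spec = self.endpoints.get((t.method, t.path))
        if spec is None:
            return False, "unknown endpoint %s %s" % (t.method, t.path)
        patterns = dict(VALUE_CLASSES)
        seen = set()
        for name, value in t.params:
            if name in seen:
                return False, "duplicate parameter %r" % name
            seen.add(name)
            cls = spec.get(name)
            if cls is None:
                return False, "unexpected parameter %r" % name
            if not patterns[cls].fullmatch(value):
                return False, "value of %r is not a valid %s" % (name, cls)
        missing = sorted(set(spec) - seen)
        if missing:
            return False, "missing parameter(s) %s" % missing
        return True, "within discourse"


# Constructed sample of legitimate transactions for the hypothetical service.
SAMPLE_TRAFFIC = [
    "GET /search?q=shoes HTTP/1.1",
    "GET /search?q=red-boots HTTP/1.1",
    "GET /item?id=42 HTTP/1.1",
    "GET /item?id=1007 HTTP/1.1",
]
MODEL = DiscourseModel().learn(SAMPLE_TRAFFIC)

if __name__ == "__main__":
    for req in ["GET /search?q=sandals HTTP/1.1", "GET /search?q=shoes&debug=1 HTTP/1.1",
                "GET /item?id=12abc HTTP/1.1", "POST /admin HTTP/1.1"]:
        print("%-42s generic=%s micro=%s" % (req, traditional_proxy_accepts(req), MODEL.validate(req)))
```

The contrast is the point: every request in the demonstration is well-formed HTTP, so a protocol-level proxy forwards all of them, while the micro-proxy forwards only the two that lie inside the learned discourse. The cost of this design is that the model must be complete; a legitimate transaction the learning phase never observed is denied exactly like an unknown one, so the discourse model has to be re-derived whenever the service changes.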