Applying Code Coverage Analysis to Improve Anomaly-based Intrusion Detection

P. Vilela, E. Spoto, and M. Jino (Brazil)


Software Testing Coverage, Software Security, Intrusion Detection Systems, Anomaly Detection, Vulnerabilities


Even well-engineered systems have security vulnerabilities. Methods, techniques and tools are developed to prevent software from having security flaws that are exploitable by malicious users. As a last resort, intrusion detection systems monitor applications after deployment for possible intrusions. Intrusion detection systems based on anomaly detection use a set of training data to create a database of valid and legitimate execution patterns, which is constantly compared with the real execution patterns on a deployed system. This approach assumes that the attack pattern differs enough from the legitimate pattern to warrant an alarm, and that the training data accurately represent the different classes of users, so that false positives are minimized. This paper presents a study aimed at understanding the relationship between code coverage analysis and intrusion detection. Its goal is to show that it is advantageous to incorporate software testing coverage information and use it as a guide to select the training data used by an intrusion detection system.
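The idea in the abstract, sketched as an added example that is not taken from the paper: training runs are chosen by the branch coverage they contribute, and the resulting pattern database is compared with one built from redundant runs. The sliding-window detector, the greedy selection, the run names, branch ids and traces are all assumptions made for illustration; the abstract does not specify the detector or the selection algorithm.

```python
# Added illustration (not from the paper). RUNS is constructed sample data:
# run name -> (branches covered during testing, event trace seen by the IDS).
RUNS = {
    "login_ok":   ({"b1", "b2", "b5"}, ["open", "read", "auth", "close"]),
    "login_ok_2": ({"b1", "b2", "b5"}, ["open", "read", "auth", "close"]),
    "login_fail": ({"b1", "b3"},       ["open", "read", "deny", "close"]),
    "admin_op":   ({"b1", "b2", "b4"}, ["open", "read", "auth", "chmod", "close"]),
}

def windows(trace, n=2):
    """Sliding windows of length n over an event trace."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]

def build_profile(names, n=2):
    """Database of legitimate patterns: every window seen in the training runs."""
    return {w for name in names for w in windows(RUNS[name][1], n)}

def anomaly_score(trace, profile, n=2):
    """Fraction of windows in the trace that the profile has never seen."""
    ws = windows(trace, n)
    return sum(w not in profile for w in ws) / len(ws) if ws else 0.0

def branches_covered(names):
    """Union of the branches exercised by the named runs."""
    return set().union(*(RUNS[name][0] for name in names))

def select_by_coverage(runs):
    """Greedy set cover: keep adding the run that covers the most new
    branches; stop when no remaining run adds coverage."""
    covered, chosen, remaining = set(), [], dict(runs)
    while remaining:
        best = max(sorted(remaining), key=lambda r: len(remaining[r][0] - covered))
        gain = remaining.pop(best)[0] - covered
        if not gain:
            break
        chosen.append(best)
        covered |= gain
    return chosen

if __name__ == "__main__":
    naive = ["login_ok", "login_ok_2"]               # redundant training runs
    guided = select_by_coverage(RUNS)                # coverage-guided choice
    odd = ["open", "read", "exec", "close"]          # constructed anomalous trace
    for label, names in (("naive", naive), ("guided", guided)):
        prof = build_profile(names)
        legit = {k: round(anomaly_score(v[1], prof), 2) for k, v in RUNS.items()}
        print(label, sorted(branches_covered(names)), legit,
              round(anomaly_score(odd, prof), 2))
```

With the redundant training set, the legitimate `login_fail` and `admin_op` runs score as anomalous (false positives); with the coverage-guided set every legitimate run scores 0 while the constructed anomalous trace still stands out.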
