Infrastructures in critical domains such as medical, power, telecommunications, and finance depend on information systems. Therefore, attacks can have devastating effects on these critical infrastructures. Moreover, an increasing number of organizations are relying on commodity software. This trend can be attributed to increasing reliance on outsourcing and commercial off-the-shelf (COTS) components. However, deploying commodity software poses significant risks because it can contain exploitable vulnerabilities and hidden malicious behavior. Combating malicious behavior in commodity software is especially challenging because the user has access only to the software's executable. This proposal addresses the problem of combating malicious behavior in commodity software. The proposed tasks are applicable in the context of model-based intrusion detection systems (MIDS), which are a type of host-based intrusion detection system (HIDS) that monitors program execution using a model. There are three major areas in MIDS: model construction, enforcement, and model analysis. This proposal addresses model construction and model analysis. In the context of MIDS, the proposed research will improve the precision of existing model-construction algorithms, tackle privacy violations, and develop techniques for analyzing and refining models.

Agency
National Science Foundation (NSF)
Institute
Division of Computer and Network Systems (CNS)
Application #
0448476
Program Officer
Nina Amla
Project Start
Project End
Budget Start
2005-01-15
Budget End
2011-12-31
Support Year
Fiscal Year
2004
Total Cost
$400,000
Indirect Cost
Name
University of Wisconsin Madison
Department
Type
DUNS #
City
Madison
State
WI
Country
United States
Zip Code
53715