Program Semantics-Aware Intrusion Detection System (PAID)


Many modern worms rely on control-hijacking attacks to take over victim programs and spread themselves further. These attacks use various overflow techniques to overwrite control-sensitive data structures of the target program, such as return addresses and function pointers. Because many production network applications contain bugs that allow such overflows, control-hijacking attacks are among the most common exploits.

An effective way to counter control-hijacking attacks is to monitor the system calls an application makes and to detect any deviation between the application's system call policy (the calls it is allowed to make, and in what order) and its run-time system call pattern. This approach is usually called sandboxing or anomaly-based intrusion detection. Its underlying assumption is that as long as an attacker cannot make arbitrary system calls, she can do little damage even after hijacking control of a victim application. Detecting an intrusion from an anomalous run-time system call pattern is well understood; what decides whether the technique succeeds in practice is the accuracy of the system call model, which determines both the false positives (legitimate behavior flagged as an attack) and the false negatives (attacks that stay within the model, for example mimicry attacks that only issue calls the model allows). Deriving, for an arbitrary application, a system call monitoring policy that minimizes both is the Achilles' heel of any sandboxing scheme.

PAID is a Program semantics-Aware Intrusion Detection system that automatically derives a highly accurate system call model from the source code of an arbitrary network application. Beyond the system call sequences that are visible in the source, it:


  • Exploits run-time information (for example, where in the program a system call is issued) to tell apart calls that look identical at the kernel boundary
  • Derives more precise constraints on the values of system call arguments, so that a call in the allowed sequence is still rejected when its arguments fall outside what the program can legitimately produce
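
As an added illustration of this approach (it is not PAID's code, and the model below is hand-written to stand in for what PAID derives from source), the following Python monitor checks a system call trace against a model whose edges carry the system call name, the user-space call site and a constraint on the argument values. The model describes a hypothetical "log, read a request, serve a file" loop; the site addresses, descriptor numbers and traces are all constructed. Switching the site and argument checks off degrades it to a plain sequence model, which lets two of the constructed attack traces through.

```python
"""
Toy system-call monitor: an automaton over system calls whose edges also
carry the user-space call site and a constraint on argument values.  A trace
is accepted only if every call matches an edge on all three counts.
Constructed for illustration; the model stands in for one derived from
source and is not PAID's code.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Call:
    """One system call as seen at the kernel boundary."""
    name: str    # e.g. "open"
    args: Tuple  # argument values
    site: int    # user-space call site (e.g. return address of the syscall stub)


@dataclass(frozen=True)
class Edge:
    name: str
    site: int
    arg_ok: Callable[[Tuple], bool]  # constraint on the argument values
    to: str


DOCROOT = "/var/www/"
SOCK = 3  # hypothetical client socket descriptor

# Hypothetical model for a tiny "log, read request, serve file" loop.
# Site addresses are made up; each constraint is what source analysis
# would let one state about that call site.
MODEL: Dict[str, List[Edge]] = {
    "start": [Edge("open", 0x401000, lambda a: a == ("/var/log/app.log", "a"), "logging")],
    "logging": [Edge("read", 0x401080, lambda a: a[0] == SOCK, "got_request")],
    "got_request": [
        Edge("open", 0x401100,
             lambda a: a[0].startswith(DOCROOT) and ".." not in a[0] and a[1] == "r",
             "serving"),
        Edge("write", 0x401180, lambda a: a[0] == SOCK, "logging"),  # error reply
    ],
    "serving": [Edge("write", 0x401200, lambda a: a[0] == SOCK, "sent")],
    "sent": [Edge("close", 0x401240, lambda a: a[0] != SOCK, "logging")],
}


def check_trace(trace: List[Call], use_args: bool = True, use_site: bool = True) -> Optional[int]:
    """Walk the trace through MODEL as an NFA (a set of live states).

    Returns None if the whole trace is accepted, otherwise the index of the
    first call that no live state can explain.  Disabling use_args/use_site
    degrades the check to a plain system-call sequence model.
    """
    live: Set[str] = {"start"}
    for i, call in enumerate(trace):
        nxt: Set[str] = set()
        for state in live:
            for e in MODEL.get(state, []):
                if e.name != call.name:
                    continue
                if use_site and e.site != call.site:
                    continue
                if use_args and not e.arg_ok(call.args):
                    continue
                nxt.add(e.to)
        if not nxt:
            return i
        live = nxt
    return None


# Constructed traces.
LEGIT = [
    Call("open", ("/var/log/app.log", "a"), 0x401000),
    Call("read", (SOCK, 4096), 0x401080),
    Call("open", ("/var/www/index.html", "r"), 0x401100),
    Call("write", (SOCK, b"<html>"), 0x401200),
    Call("close", (4,), 0x401240),
    Call("read", (SOCK, 4096), 0x401080),
]
# Injected shellcode: a call the program never makes, from a foreign site.
INJECTED = LEGIT[:2] + [Call("execve", ("/bin/sh",), 0x7FFC1234)]
# Mimicry through the program's own code: right call, right site, wrong path.
MIMICRY_ARGS = LEGIT[:2] + [
    Call("open", ("/var/www/../../etc/shadow", "r"), 0x401100),
    Call("write", (SOCK, b"root:..."), 0x401200),
]
# Mimicry from injected code: right call and arguments, but not from a
# call site the source contains.
MIMICRY_SITE = LEGIT[:2] + [Call("open", ("/var/www/index.html", "r"), 0x7FFC1234)]


if __name__ == "__main__":
    for label, t in [("legit", LEGIT), ("injected", INJECTED),
                     ("mimicry-args", MIMICRY_ARGS), ("mimicry-site", MIMICRY_SITE)]:
        seq = check_trace(t, use_args=False, use_site=False)
        full = check_trace(t)
        print(f"{label:13s} sequence-only: {seq}  with sites+args: {full}")
```

The two mimicry traces are the interesting ones. The first reuses the program's own open call site with a path that starts under the document root but escapes it through `..`; a sequence model and even a site-aware model accept it, and only the argument constraint rejects it. The second issues a perfectly legitimate open from injected code, which only the call-site check catches. The walk keeps a set of live states, so a model with nondeterministic edges (the same call name leading from one state to several successors) is handled the same way.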


What this gives the host machine:

  • Protection against exploits of known and unknown vulnerabilities: an attack that hijacks control is detected the moment it tries to make a system call the model does not allow, whether or not the underlying bug is known.
  • No patch required. Once PAID is installed on a host, the applications running on it do not need to be patched to be protected; the bug itself remains, but its exploitation is stopped at the system call boundary.
  • Zero false positives and zero false negatives: the model is derived from the program's own source rather than learned from training runs, so legitimate behavior is never flagged as an attack.

