R. C. Sekar
Researcher at Stony Brook University
Publications - 110
Citations - 8422
R. C. Sekar is an academic researcher from Stony Brook University. The author has contributed to research in topics: Intrusion detection system & Anomaly detection. The author has an h-index of 45, co-authored 110 publications receiving 7844 citations. Previous affiliations of R. C. Sekar include Iowa State University & University of Michigan.
Papers
Proceedings Article
Address obfuscation: an efficient approach to combat a broad range of memory error exploits
TL;DR: This paper develops a systematic study of a particular kind of obfuscation called address obfuscation that randomizes the location of victim program data and code, and presents an implementation that transforms object files and executables at link-time and load-time.
Proceedings ArticleDOI
A fast automaton-based method for detecting anomalous program behaviors
TL;DR: This paper describes the FSA based technique and presents a comprehensive experimental evaluation of the technique, which can capture both short term and long term temporal relationships among system calls, and thus perform more accurate detection.
Proceedings Article
Control flow integrity for COTS binaries
Mingwei Zhang, R. C. Sekar +1 more
TL;DR: This work demonstrates that the first work to apply CFI to complex shared libraries such as glibc is effective against control-flow hijack attacks, and eliminates the vast majority of ROP gadgets.
Proceedings ArticleDOI
Specification-based anomaly detection: a new approach for detecting network intrusions
TL;DR: Whereas feature selection was a crucial step that required a great deal of expertise and insight in the case of previous anomaly detection approaches, it is shown that the use of protocol specifications in the approach simplifies this problem.
Proceedings ArticleDOI
Code-pointer integrity
TL;DR: This chapter describes code-pointer integrity (CPI), a new design point that guarantees the integrity of all code pointers in a program and thereby prevents all control-flow hijack attacks that exploit memory corruption errors, including attacks that bypass control-flow integrity mechanisms, such as control-flow bending.