The recent outbreaks of extremely fast spreading worms highlight the inadequacy of the current patching approach. Intrusion prevention systems (IPSs) that automatically generate and apply protection to client systems have been proposed as a solution. Despite all the effort in this area, the design of IPSs remains a difficult, ad-hoc process. In this paper, we propose the LAIDS/LIDS framework for systematic design of IPS. A major advantage of our framework is that IPSs designed in this framework have a very simple countermeasure-generation process. To better illustrate our idea, we have implemented a prototype IPS, the Lazy Shepherding IPS, based on our framework. Evaluation shows that the prototype is effective against all tested attacks, and incur an overhead of less than 3 % when it is configured to defend against a large number of attacks. Our prototype also avoids a lot of practical problems faced by many other IPSs
To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.