A Method of Compressing Repeated Segments in System Call Sequences Executed by the Process
Abstract: The process-based detection methods used in earlier intrusion detection systems do not handle the repeated subsequences that arise in the system call sequences of running processes. This paper presents an algorithm for compressing repeated subsequences in process system call sequences: repeated subsequences are identified while the system call sequence is being collected, and each one is then treated as a single unit during pattern extraction and detection. Tests show that compressing the repeated subsequences effectively reduces the length of the system call sequence, which simplifies pattern learning and detection and improves the efficiency of process-based detection.

Source: 《计算机科学》 (Computer Science), indexed in CSCD and the Peking University Core Journals list, 2004, Issue 7, pp. 91-93 (3 pages)

Funding: Supported by the National Natural Science Foundation of China (No. 90104030) and the Anhui Province "Tenth Five-Year Plan" Key Science and Technology Project (No. 01012013)

Keywords: intrusion detection; system call; variable-length patterns; process-based detection; compression algorithm; subsequence