Research of Intrusion Detection Based on System Call (cited by: 2)
Abstract: System calls are the interface between the operating system and user programs, and every program must use system calls in order to execute. Implementing intrusion detection at the level of system calls can therefore improve the accuracy and correctness of detection, and it also makes real-time monitoring and layered security possible. This paper first analyses the possibility and advantages of system-call-based intrusion detection. It then describes the current system-call-based intrusion detection techniques in detail and compares the performance of several of these methods. Finally, it discusses the future direction of research in this field.
Authors: 路明 (Lu Ming), 符鹤 (Fu He)
Source: Modern Electronics Technique (《现代电子技术》), 2005, No. 4, pp. 36-39 (4 pages)
Keywords: intrusion detection; system call; privileged process; layered security