An Improved Method Based on System Call Anomaly Detection (一种基于系统调用异常检测的改进算法)
Abstract: Anomaly detection based on system calls can only detect that an attack has occurred; it cannot determine the nature or purpose of the attack. To address this problem, an algorithm is proposed that re-analyzes the system call sequence together with the attacks detected by the traditional algorithm. The basic idea is to collect system call frequency statistics during training and build a model of the program's file access distribution under normal operation, and to define an attack classification scheme at the level of system calls. At detection time, a traditional system-call-based anomaly detection method serves as the basis and is combined with the information gathered during training to determine the category of the attack and its priority. Experimental results show that the method can effectively predict the nature and purpose of an attack, while its detection rate and false positive rate are comparable to or better than those of the original method.

Authors: 罗宁, 喻莉

Source: Electronic Engineer (《电子工程师》), 2005, No. 7, pp. 51-55 (5 pages)

Keywords: system call, anomaly detection, misuse detection, correlation, analysis algorithm