
A System Call Anomaly Detection Algorithm Based on Extended Data Sources (cited 3 times)

System Call Anomaly Detection Based on Extended Data Sources
Abstract: The paper extends the data sources used by traditional anomaly detection algorithms, bringing system call parameters and system call frequency information into the detection algorithm. During training, the new algorithm records statistics on system call frequencies and builds a model of the distribution of file accesses made by the program when it runs normally. Detection starts from the traditional system-call-sequence method and combines it with the information and models obtained during training, both to detect attacks and to assign them a priority. Experimental results show that the method improves the detection rate of the original approach while giving a better false-positive rate than the compared approaches.
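As an added illustration (this is not code from the paper, whose exact algorithm the abstract does not spell out), the following Python combines the three data sources named above: a stide-style set of k-length system-call windows standing in for the traditional sequence model, a per-program profile of relative system-call frequencies, and a distribution over the directory prefixes of file-path arguments. Each test trace receives one anomaly score per source plus a weighted priority and label. The traces, the window size, the weights and the priority cut-offs are all assumed values chosen for the example.

```python
from collections import Counter

WINDOW = 3                                        # assumed sliding-window length (stide-style)
WEIGHTS = {"seq": 0.4, "freq": 0.2, "file": 0.4}  # assumed weights for combining the three signals
HIGH, MEDIUM = 0.4, 0.15                          # assumed priority cut-offs


def parse(text):
    """'open:/etc/passwd read close' -> [('open', '/etc/passwd'), ('read', None), ('close', None)]."""
    return [tuple(tok.split(":", 1)) if ":" in tok else (tok, None) for tok in text.split()]


def windows(calls, k=WINDOW):
    """All k-length sliding windows over a list of syscall names."""
    return [tuple(calls[i:i + k]) for i in range(len(calls) - k + 1)]


def path_prefix(path, depth=2):
    """Coarsen a path argument to its first `depth` components: /etc/ssh/sshd_config -> /etc/ssh."""
    parts = [p for p in path.split("/") if p]
    return "/" + "/".join(parts[:depth])


class Profile:
    """Normal-behaviour model of one program, trained on traces of (syscall, path-or-None) events."""

    def __init__(self, traces):
        self.normal_windows = set()   # sequence model: every k-window seen in training
        per_trace = []                # frequency model: relative syscall frequency per trace
        prefixes = Counter()          # file-access model: how often each path prefix is touched
        for trace in traces:
            names = [call for call, _ in trace]
            self.normal_windows.update(windows(names))
            per_trace.append({c: n / len(names) for c, n in Counter(names).items()})
            prefixes.update(path_prefix(arg) for _, arg in trace if arg)
        calls = set().union(*per_trace)
        self.freq_mean = {c: sum(f.get(c, 0.0) for f in per_trace) / len(per_trace) for c in calls}
        self.file_prob = {p: n / sum(prefixes.values()) for p, n in prefixes.items()}

    def score(self, trace):
        """Return the three anomaly components, the combined priority and a label for one trace."""
        names = [call for call, _ in trace]
        wins = windows(names)
        # sequence signal: fraction of windows never seen during training
        seq = sum(w not in self.normal_windows for w in wins) / max(len(wins), 1)
        # frequency signal: total-variation distance between this trace's and the mean frequency profile
        freq = {c: n / len(names) for c, n in Counter(names).items()}
        tv = 0.5 * sum(abs(freq.get(c, 0.0) - self.freq_mean.get(c, 0.0))
                       for c in set(freq) | set(self.freq_mean))
        # file-argument signal: fraction of accessed path prefixes with zero training probability
        files = [path_prefix(arg) for _, arg in trace if arg]
        unseen = sum(p not in self.file_prob for p in files) / max(len(files), 1)
        priority = WEIGHTS["seq"] * seq + WEIGHTS["freq"] * tv + WEIGHTS["file"] * unseen
        label = "HIGH" if priority >= HIGH else "MEDIUM" if priority >= MEDIUM else "LOW"
        return {"seq": seq, "freq": tv, "file": unseen, "priority": priority, "label": label}


def rank(profile, named_traces):
    """Score each (name, trace) pair and order the alerts by descending priority."""
    return sorted(((name, profile.score(t)) for name, t in named_traces),
                  key=lambda item: item[1]["priority"], reverse=True)


# Constructed training traces of a hypothetical network daemon (made up for this example).
TRAIN = [parse(t) for t in (
    "open:/etc/app/app.conf read close socket bind listen accept read "
    "open:/var/log/app/access.log write close write close",
    "open:/etc/app/app.conf read close socket bind listen accept read read "
    "open:/var/log/app/access.log write close write close",
    "open:/etc/app/app.conf read read close socket bind listen accept read "
    "open:/var/log/app/error.log write close write close",
)]
# Constructed test traces: a normal run, a run whose call sequence is normal but whose
# file argument is not, and a run that deviates in sequence, frequency and file arguments.
NORMAL = parse("open:/etc/app/app.conf read close socket bind listen accept read read "
               "open:/var/log/app/error.log write close write close")
PARAM_ONLY = parse("open:/etc/shadow read close socket bind listen accept read read "
                   "open:/var/log/app/access.log write close write close")
ATTACK = parse("open:/etc/app/app.conf read close socket bind listen accept read "
               "open:/etc/passwd read close open:/etc/shadow read close execve:/bin/sh")

if __name__ == "__main__":
    profile = Profile(TRAIN)
    alerts = rank(profile, [("normal", NORMAL), ("param_only", PARAM_ONLY), ("attack", ATTACK)])
    for name, r in alerts:
        print(f"{name:10s} seq={r['seq']:.2f} freq={r['freq']:.2f} "
              f"file={r['file']:.2f} priority={r['priority']:.2f} {r['label']}")
```

The PARAM_ONLY trace is the case the abstract's argument turns on: its call sequence is identical to a training trace, so the sequence model alone scores it 0 and a purely sequence-based detector would pass it, while the file-argument model sees the unseen prefix and lifts it to a medium priority. A detector built like this still needs a training set that covers the program's legitimate file locations, otherwise benign but rare paths will be reported as medium-priority alerts.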
Source: Computer & Digital Engineering (计算机与数字工程), 2006, No. 1, pp. 13-16, 24 (5 pages)
Funding: Hubei Provincial Natural Science Foundation (project no. 2003ABA008)
Keywords: system call, anomaly detection, call parameter, frequency, extended data sources
References (6)

  • 1. S. A. Hofmeyr, S. Forrest, A. Somayaji. Intrusion detection using sequences of system calls. Journal of Computer Security, 1998, 6: 151-180.
  • 2. W. Lee, S. J. Stolfo. Data mining approaches for intrusion detection. Proceedings of the 7th USENIX Security Symposium, 1998.
  • 3. D. Wagner, D. Dean. Intrusion detection via static analysis. Proceedings of the 2001 IEEE Symposium on Security and Privacy.
  • 4. J. T. Giffin, S. Jha, B. P. Miller. Detecting manipulated remote call streams. Proceedings of the 11th USENIX Security Symposium, 2002.
  • 5. R. Sekar, M. Bendre, D. Dhurjati, P. Bollineni. A fast automaton-based method for detecting anomalous program behaviors. Proceedings of the 2001 IEEE Symposium on Security and Privacy, IEEE Computer Society, 2001.
  • 6. H. Feng, O. M. Kolesnikov, P. Fogla, W. Lee, et al. Anomaly detection using call stack information. Proceedings of the 2003 IEEE Symposium on Security and Privacy.

Co-cited literature (108 in total; first 10 shown)

  • 1. 罗隽, 丁力, 潘志松, 胡谷雨. A frequency-sensitive one-class classification algorithm for anomaly detection [J]. 计算机研究与发展 (Journal of Computer Research and Development), 2007, 44(z2): 235-239. Cited 3 times.
  • 2. 张相锋, 孙玉芳, 赵庆松. Intrusion detection based on subsets of system calls [J]. 电子学报 (Acta Electronica Sinica), 2004, 32(8): 1338-1341. Cited 10 times.
  • 3. 黄金钟, 朱淼良, 郭晔. Grammar-based anomaly detection [J]. 浙江大学学报(工学版) (Journal of Zhejiang University, Engineering Science), 2006, 40(2): 243-248. Cited 3 times.
  • 4. 林果园, 郭山清, 黄皓, 曹天杰. An anomaly detection model based on dynamic behaviour and feature patterns [J]. 计算机学报 (Chinese Journal of Computers), 2006, 29(9): 1553-1560. Cited 25 times.
  • 5. 苏璞睿, 杨轶. An intrusion detection model based on static analysis of executable files [J]. 计算机学报 (Chinese Journal of Computers), 2006, 29(9): 1572-1578. Cited 14 times.
  • 6. Ko C, Fink G, Levitt K. Automated detection of vulnerabilities in privileged programs by execution monitoring [C] // Proceedings of the 10th Conference on Computer Security Applications. Los Alamitos, CA: IEEE Computer Society Press, 1994: 134-144.
  • 7. Ko C, Ruschitzka M, Levitt K. Execution monitoring of security-critical programs in distributed systems: a specification-based approach [C] // Proceedings of the 1997 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 1997: 175-187.
  • 8. Ko C. Logic induction of valid behavior specifications for intrusion detection [C] // Proceedings of the 2000 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 2000: 142-153.
  • 9. Sekar R, Bowen T, Segal M. On preventing intrusions by process behavior monitoring [C] // Proc. of the USENIX Intrusion Detection Workshop. Santa Clara: USENIX, 1999: 29-40.
  • 10. Uppuluri P, Sekar R. Experiences with specification-based intrusion detection [C] // Proc. of the 4th Int'l Symposium on Recent Advances in Intrusion Detection. Davis: Springer-Verlag, 2001: 172-189.

Citing articles: 3

Second-level citing articles: 8
