
Intrusion Detection Method for Program Vulnerability via Library Calls (Cited by: 1)

Abstract: Library function call sequence is the direct reflection of a program's behavior. The relationship between program vulnerability and library calls is analyzed, and an intrusion detection method via library calls is proposed, in which short sequences of library calls are used as the signature profile. In this intrusion detection method, library interposition is used to hook library calls, and, after a detailed discussion of the features of the library call sequence, an algorithm based on information theory is applied to determine the appropriate length of the library call sequence. Experiments show good performance of our method against intrusions caused by the popular program vulnerabilities.
Source: Wuhan University Journal of Natural Sciences (Journal of Wuhan University, Natural Science, English Edition), CAS, 2007, Issue 1, pp. 126-130 (5 pages)
Funding: Supported by the Science and Technology Development Project Foundation of Tianjin (033800611, 05YFGZGX24200)
Keywords: intrusion detection; program vulnerability; library call; information entropy

