Detection of abnormal system call based on immunology
Abstract: Intrusion detection systems rely on a wide variety of observable data to distinguish between legitimate and illegitimate activities. This paper studies one such observable: sequences of system calls into the kernel of an operating system. It presents a novelty detection algorithm inspired by the negative selection mechanism of the immune system, which discriminates between self and other, and applies it to distinguish legitimate from illegitimate system calls. The experiments verify the feasibility and effectiveness of this method.
Authors: 黄杰 (Huang Jie), 李涛 (Li Tao)
Source: Application Research of Computers (《计算机应用研究》), CSCD, PKU Core, 2007, No. 8, pp. 165-166 (2 pages)
Funding: Program for New Century Excellent Talents in University, Ministry of Education (NCET-04-0870)
Keywords: computer immunology; system call; negative selection