基于程序合法作用域的入侵检测系统的研究

Intrusion detection based on program’s legal function area

下载PDF

导出

摘要通过分析应用程序在执行时的系统调用序列,提出了一种新的基于程序合法作用域的入侵检测方法。合法作用域的建立以程序的系统调用信息为依据,并采用了有限状态自动机对其进行建模,每一个合法作用域由一个状态来表示,它包含程序运行时的有效用户标示和有效组标示,然后据此检测系统的异常行为。实验结果表明,该方法可以检测到利用应用程序代码漏洞而发起的攻击,并且有较低的错误警报率。 By analyzing the system calls of a running process,a new intrusion detection method based on application’s ＂Legal Function Area＂is proposed.The ＂ Legal Function Area＂ is established by analyzing the system call information,and it is modeled by using finite-state machine,and every ＂ Legal Function Area ＂ is represented by one state which includes the euid and egid of the running process.A preliminary experiment shows that the new method can detect various attacks towards code vulnerabilities,and has a low false positive.

作者张之帆王以刚

机构地区东华大学计算机科学与技术学院

出处《计算机工程与设计》 CSCD 北大核心 2010年第13期2966-2968,2975,共4页 Computer Engineering and Design

关键词入侵检测合法作用域有限状态自动机有效用户标示有效组标示 intrusion detection legal function area finite-state machine effective user id effective group id

分类号 TP309 [自动化与计算机技术—计算机系统结构]

引文网络
相关文献

参考文献8

1Forrest S,Hofmeyr S A,Somayaji A,et al.A sense of self for unix processes[J].IEEE Symposium on Computer Security and Privacy,1996(1):120-128.
2Feng H H,Kolesnikov O M,Fogla P,et al.Anomaly detection using call stack information[C].Proceedings of the IEEE Symposium on Security and Privacy,2003.
3Lorenzo Martignoni,Elizabeth Stinson.A layered architecture for detecting malicious behaviors[J].Recent Advances in Intrusion Dctection,2008,5230:78-97.
4Danilo Bruschi,Lorenzo Cavallaro,Andrea Lanzi.Static analysis on x86 executables for preventing automatic mimicry attacks[J].Detection of Intrusions and Malware and Vulnerability Assessment,2007,4579:213-230.
5Alessandro Frossi,Federico Maggi,Gian Luigi Rizzo,et al.Selecting and improving system call models for anomaly detection[J].Detection of Intrusions and Malware and Vulnerability Assessment,2009,5587:206-223.
6Ilgun K,Kemmerer R A.State transition analysis:a rule-based intrusion detection approach[J].IEEE Transactions on Software Engineering,1995,21:181-199.
7David Wagner,Paolo Sow.Mimicry attacks on host-based intrusion detection systems[C].Proceedings of the 9th ACM Conference on Computer and Communications Security,2002:255-264.
81998-1999 DARPA intrusion detection evalnation[OL] ,http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/index.html,Lincoln Laboratory.

1刘炳生.监视硬盘的好卫士[J].网管员世界,2008(11):115-115.
2印杰,李千目.软件代码漏洞的电子取证技术综述[J].软件,2015,36(12):49-59. 被引量：7
3本刊编辑部.代码安全[J].程序员,2004(8):68-68.
4许程明,樊来耀.利用数据仓库技术对高校MIS系统作二次开发[J].科技．人才．市场,2002(6):62-64.
5本地服务器存储胜过SAN[J].网络运维与管理,2013(5):8-8.
6窦增杰.基于功能模型的二进制代码漏洞发现技术[J].电信技术研究,2015,0(3):35-42.
7江立.基于Hadoop大数据分析的企业应用解决方案研究[J].福建电脑,2016,32(8):106-107. 被引量：1
8李忠健.Asp网站中Access数据库的安全防范[J].信息与电脑（理论版）,2010(4):5-5.
9近期Windows相关漏洞[J].网管员世界,2006(1):123-123.
10MS05020漏洞提升权限[J].黑客防线,2005(8):134-134.

计算机工程与设计

2010年第13期

浏览历史

内容加载中请稍等...

基于程序合法作用域的入侵检测系统的研究

参考文献8

相关作者

相关机构

相关主题

浏览历史