摘要
To check whether a program behaves in expectation, program monitoring systems are used for intrusion detection. This article presents a program monitoring system using automaton simulation based on the state graphs extracted from C programs through static analysis. For complete state graph construction, a pointer alias analysis method is proposed to solve the function pointers for obtaining actual control flows. After compiling, pro- grams are instrumented with probes to report the internal states when they are running. A program monitor is built in the kernel of Linux system, which monitors the states of programs from probes and checks the paths of execution. This monitoring system could respond to the abnormal behaviors immediately to protect the sys- tems and programs from further damages.
To check whether a program behaves in expectation, program monitoring systems are used for intrusion detection. This article presents a program monitoring system using automaton simulation based on the state graphs extracted from C programs through static analysis. For complete state graph construction, a pointer alias analysis method is proposed to solve the function pointers for obtaining actual control flows. After compiling, pro- grams are instrumented with probes to report the internal states when they are running. A program monitor is built in the kernel of Linux system, which monitors the states of programs from probes and checks the paths of execution. This monitoring system could respond to the abnormal behaviors immediately to protect the sys- tems and programs from further damages.
基金
Supported by National Natural Science Foundation of China(91118003,61003071)
Special Funds for Shenzhen Strategic New Industry Development(JCYJ20120616135936123)
the Fundamental Research Funds for the Central Universities(3101046,201121102020006)
