Abstract
To address the difficulty of describing and detecting concurrent behavior, process algebra is introduced to analyze system call sequences, and a model for describing and detecting concurrent behavior is proposed. First, the control flow graph of the system is obtained by static analysis of the binary code, and the graph is analyzed to generate process expressions. Next, the expressions are rewritten according to the mutual exclusion and synchronization relations of the concurrent behavior, adding concurrency operators to them. Then, by extending the properties and operation rules of process algebra, the three basic elements (action, operator and process) are constructed, and the model is built on them. Finally, a method for detecting concurrent behavior is given, and the time and space efficiency of the model is analyzed and verified. Theoretical analysis and experiments show that the proposed method has linear time and space complexity.
By introducing process algebra to analyze system call sequences, a model for describing and detecting concurrent behavior was presented. Firstly, control flow graphs (CFGs) of the system were generated by static analysis of the binary code. Secondly, process expressions were generated by analyzing the CFGs. Then, according to the synchronization and mutual exclusion relations of the concurrent behaviors, the process expressions were rewritten by adding concurrency operators. By extending the algebraic properties and operation rules of process algebra, three basic elements (action, operator and process) were constructed. Finally, the CBDPA model was built and concurrent behavior detection methods were given. Experiments demonstrated that the method has linear time and space complexity.
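To make the detection idea concrete, the following added example (illustrative code, not the paper's CBDPA model) represents the paths of a control flow graph as process expressions over system call names and checks whether an observed trace is explained by the model; it models only interleaving via a `par` operator, not the mutex and synchronization rewriting described in the abstract, and the server model and traces are constructed samples.

```python
# Process expressions are nested tuples (added example, not the paper's CBDPA model):
#   NIL, ("act", name), ("seq", p, q), ("alt", p, q) and ("par", p, q), where
#   "alt" is a branch in the control flow graph and "par" is arbitrary interleaving.
NIL = ("nil",)

def act(name):
    return ("act", name)

def nullable(p):
    """True if the process may terminate without performing another system call."""
    k = p[0]
    if k == "nil": return True
    if k == "act": return False
    if k == "alt": return nullable(p[1]) or nullable(p[2])
    return nullable(p[1]) and nullable(p[2])  # seq and par

def step(p, call):
    """All residual processes reachable by performing one system call."""
    k = p[0]
    if k == "nil":
        return set()
    if k == "act":
        return {NIL} if p[1] == call else set()
    if k == "alt":
        return step(p[1], call) | step(p[2], call)
    if k == "seq":
        res = {("seq", r, p[2]) for r in step(p[1], call)}
        if nullable(p[1]):              # first part finished: q may take the call
            res |= step(p[2], call)
        return res
    # par: either concurrent component may take the next call
    return ({("par", r, p[2]) for r in step(p[1], call)}
            | {("par", p[1], r) for r in step(p[2], call)})

def accepts(model, trace):
    """Detection: True if the observed system call trace fits the model."""
    states = {model}
    for call in trace:
        states = set().union(*(step(s, call) for s in states))
        if not states:
            return False                # no path in the model explains this call
    return any(nullable(s) for s in states)

# Constructed sample: a server accepts a connection, then two worker threads
# each perform read followed by write, concurrently.
WORKER = ("seq", act("read"), act("write"))
CONCURRENT_MODEL = ("seq", act("accept"), ("par", WORKER, WORKER))
SEQUENTIAL_MODEL = ("seq", act("accept"), ("seq", WORKER, WORKER))  # no par operator
NORMAL_TRACE = ["accept", "read", "read", "write", "write"]
BAD_TRACE = ["accept", "read", "execve", "write"]
```

The purely sequential model rejects the legitimate interleaved trace, which is the false positive the concurrency operator removes, while both models reject the trace containing the unexpected `execve`.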
Source
Journal of Sichuan University (Engineering Science Edition) (《四川大学学报(工程科学版)》)
Indexed in: EI, CAS, CSCD, Peking University Core Journals
2014, Issue 1, pp. 35-40 (6 pages)
Funding
National Natural Science Foundation of China (61272125)
Specialized Research Fund for the Doctoral Program of Higher Education, Ministry of Education (20121333110014)
Natural Science Foundation of Hebei Province (F2011203234)
Keywords
intrusion detection
concurrent behavior
static analysis
process algebra
system call