
Model for Software Behaviour Detection Based on Process Algebra and System Call (cited by: 1)

Chinese title: 基于进程代数和系统调用的软件行为检测模型 (article in English)
Abstract: Behaviour detection models based on automata have been studied widely. By adding ε edges, the local automata are combined into global automata to describe and detect software behaviour. However, these methods introduce nondeterminacy, leading to models that are imprecise or inefficient. We present a model of software Behaviour Detection based on Process Algebra and system call (BDPA). In this model, a system call is mapped into an action, and a function is mapped into a process. We construct a process expression for each function to describe its behaviour. Without constructing automata or introducing nondeterminacy, we use algebraic properties and algorithms to obtain a global process expression by combining the process expressions derived from each function. Behaviour detection rules and methods based on BDPA are determined by equivalence theory. Experiments demonstrate that the BDPA model has better precision and efficiency than traditional methods.
Source: China Communications (中国通信, English edition), SCIE, CSCD, 2013, Issue 11, pp. 24-36 (13 pages)
Funding: supported by the Fund of National Natural Science Project under Grant No. 61272125, the Specialized Research Fund for the Doctoral Program of Higher Education under Grant No. 20121333110014, and the Hebei Provincial Natural Science Foundation under Grant No. F2011203234
Keywords: intrusion detection; software behaviour model; static analysis; process algebra; system call; detection model; detection software; algebraic sum; behaviour; process; operation rules; algebraic properties
