
A Control Flow Based Program Behavior Extended Model (cited by: 8)
Abstract: This paper presents EMPDA (extended model based on push down automaton), a control-flow-based extended model of program behavior. The model extends the control flow model with invariance constraints, so it can express the invariant properties that a program should maintain while running normally, which strengthens the model's monitoring capability. By distinguishing the importance of system calls according to practical applications, the model is divided into a core model and a secondary model, which reduces the model's overall overhead and improves its learning efficiency. Experimental results show that the extended model achieves better coverage speed, false positive rate, and detection capability than the original model.
Authors: 陆炜 (Lu Wei), 曾庆凯 (Zeng Qingkai)
Source: Journal of Software (《软件学报》; indexed in EI, CSCD, PKU Core), 2007, No. 11, pp. 2841-2850 (10 pages)
Funding: National Natural Science Foundation of China (Nos. 60473053, 60773170); National High Technology Research and Development Program of China (863 Program) (Nos. 2004AA147070, 2006AA01Z432); Natural Science Foundation of Jiangsu Province (No. BK2005074)
Keywords: program behavior model; anomaly detection; control flow; invariance constraint; system call