系统调用序列分类的Motif方法及其在异常诊断中的应用 (A Motif Method for System Call Sequence Classification and Its Application to Anomaly Diagnosis)

System Call Sequence Classification for Anomaly Diagnosis Using Motif Method
Abstract (translated from the Chinese): When system call sequence analysis is applied to anomaly diagnosis, most approaches extract fixed-length or variable-length subsequences as features of system behavior without considering the semantics of the system calls, even though the semantics of certain system calls are tied to the function of the process. This paper uses the semantics of such special system calls to extract motifs from system call sequences, where a motif is a subsequence that occurs frequently in sequences of the same class and is associated with a particular function, and uses these motifs as features to build a classifier that labels sequences automatically. The method was applied to intrusion detection and system fault diagnosis on PCs; the results show that classifying sequences with motifs as features not only raises the recognition rate and lowers the false alarm rate, but also markedly reduces the dimensionality of the feature space.

Abstract (English, as published): System call sequences have been widely used for anomaly diagnosis. Traditional methods rely on fixed-length or variable-length patterns of the system calls to model program behavior. However, these techniques are all based on the mathematical rules, and do not consider the semantics of the events which might indicate the boundaries of program subtasks. This paper presents a novel approach to use system call semantics to extract the motif as the characterization of program behavior. A motif is an estimated paragraph of the system calls which might represent a program subtask. The results of two case studies on intrusion detection and root cause recognition on the personal computers demonstrate improved performance and more compact feature space over existing pattern-based methods.
Source: 《小型微型计算机系统》 (Journal of Chinese Computer Systems), CSCD and Peking University core journal, 2008, No. 8, pp. 1445-1449 (5 pages).
Funding: Supported by the research fund of the Ministry of Education-Microsoft Key Laboratory of Multimedia Computing and Communication (project 05071809).
Keywords (Chinese): system call sequence; pattern; classification; anomaly detection. Keywords (English): system call sequence; motif; classification; anomaly diagnosis.