Abstract: For program behavior-based anomaly detection, the only way to ensure accurate monitoring is to construct an efficient and precise program behavior model. A new program behavior-based anomaly detection model, called the combined pushdown automaton (CPDA) model, is proposed; it is based on static binary executable analysis. The CPDA model incorporates an optimized call stack walk and a code instrumentation technique to gain complete context information. The proposed method can thereby detect more attacks while retaining good performance.
Funding: Supported by the National Natural Science Foundation of China (No. 60473030).
Abstract: This paper presents a new method based on a second-order stochastic model for computer intrusion detection. The results show that the second-order stochastic model performs better than a first-order stochastic model. Different window sizes are also used to test the performance of the model. The detection results show that the second-order stochastic model is less sensitive to the window size than the first-order stochastic model and other previous research. The detection results for window sizes 6 and 10 are the same.