An intrusion detection system based on system call

Citations: 0
Authors
Shen, Yue [1]
Yu, Fei [1]
Zhang, Ling-Fen [1]
An, Ji-Yao [1]
Zhu, Miao-Liang [1]
Affiliation
[1] Hunan Agr Univ, Sch Comp & Informat, Changsha 410128, Peoples R China
Source
2005 1ST IEEE/IFIP INTERNATIONAL CONFERENCE IN CENTRAL ASIA ON INTERNET (ICI) | 2005
Keywords
intrusion detection; anomalous intrusion detection; system call; finite-state automation machine;
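DOI
Not available
Chinese Library Classification number
TM [Electrical engineering]; TN [Electronic technology, communication technology];
Discipline classification code
0808 ; 0809 ;
Abstract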
Intrusion detection is an efficient way to protect information systems. This paper puts forward a new method of anomalous intrusion detection based on system calls. It takes system calls as input and creates an FSA for the functions in the program. The FSA is then used to detect attacks. Moreover, it can find the location of the vulnerability that exists in the program, which can help in altering the source program. Results show that this method is effective for some intrusion events.
Pages: 150 / 153
Page count: 4
Related papers
7 items in total
  • [1] Cai Zhong-min, 2002, Journal of System Simulation, V14, P377
  • [2] FEI Y, 2005, WUHAN U J NATURAL SC, V23, P169
  • [3] FEI Y, 2004, P 5 WORLD C INT CONT, V5, P4362
  • [4] Anomaly detection using call stack information
    Feng, HHP
    Kolesnikov, OM
    Fogla, P
    Lee, WK
    Gong, WB
    [J]. 2003 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, PROCEEDINGS, 2003, : 62 - 75
  • [5] A sense of self for unix processes
    Forrest, S
    Hofmeyr, SA
    Somayaji, A
    Longstaff, TA
    [J]. 1996 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, PROCEEDINGS, 1996, : 120 - 128
  • [6] Ko C., 1994, Proceedings. 10th Annual Computer Security Applications Conference (Cat. No.94TH8032), P134, DOI 10.1109/CSAC.1994.367313
  • [7] A fast automaton-based method for detecting anomalous program behaviors
    Sekar, R
    Bendre, M
    Dhurjati, D
    Bollineni, P
    [J]. 2001 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, PROCEEDINGS, 2001, : 144 - 155