Journal: 《计算机工程与设计》 (Computer Engineering and Design)

System Call Based 0day Attack Path Detection System

         

Abstract

To address the lack of effective methods for detecting 0day attack paths in current network environments, a system call based 0day attack path detection system is presented. The system constructs an object relation graph of the network system from system call traces according to predefined grammatical rules. Suspicious intrusion propagation paths are then identified in the object relation graph. Finally, 0day attack paths are identified using a vulnerability feature set and a vulnerability indicator function. Experimental results show that the system can accurately detect 0day attack paths present in the network and effectively reduces the false positive and false negative rates.
