Gray-Box Extraction of Execution Graphs for Anomaly Detection

机译：用于异常检测的执行图的灰箱提取

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

Many host-based anomaly detection systems monitor a process by observing the system calls it makes, and comparing these calls to a model of behavior for the program that the process should be executing. In this paper we introduce a new model of system call behavior, called an execution graph. The execution graph is the first such model that both requires no static analysis of the program source or binary, and conforms to the control flow graph of the program. When used as the model in an anomaly detection system monitoring system calls, it offers two strong properties: (ⅰ) it accepts only system call sequences that are consistent with the control flow graph of the program; (ⅱ) it is maximal given a set of training data, meaning that any extensions to the execution graph could permit some intrusions to go undetected. In this paper, we formalize and prove these claims. We additionally evaluate the performance of our anomaly detection technique.

机译：许多基于主机的异常检测系统通过观察进程发出的系统调用，并将这些调用与进程应执行的程序的行为模型进行比较，来监视进程。在本文中，我们介绍了一种新的系统调用行为模型，称为执行图。执行图是第一个这样的模型，既不需要对程序源或二进制文件进行静态分析，又符合程序的控制流程图。当在异常检测系统监视系统调用中用作模型时，它具有两个强大的特性：（ⅰ）它仅接受与程序的控制流程图一致的系统调用序列；（ⅱ）在给定一组训练数据的情况下最大，这意味着对执行图的任何扩展都可能使某些入侵未被发现。在本文中，我们对这些主张进行形式化和证明。我们还评估了异常检测技术的性能。

著录项

来源
《Association for Computing Machinery(ACM) Conference on Computer and Communications Security(CS 2004); 20041025-29; Washington,DC(US)》|2004年|P.318-329|共12页
会议地点 WashingtonDC(US)
作者
Debin Gao; Michael K. Reiter; Dawn Song;
展开▼
作者单位

Department of Electrical Computer Engineering, Carnegie Mellon University, Pittsburgh, Pennsylvania, USA;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类计算技术、计算机技术;
关键词
intrusion detection; anomaly detection; system call monitoring; control flow graph;

机译：入侵检测;异常检测;系统调用监控;控制流程图;

相似文献

外文文献
中文文献
专利

1. Natural language-based detection of semantic execution anomalies in event logs [J] . Aa Han van der, Rebmann Adrian, Leopold Henrik Information Systems . 2021,第Deca期

机译：基于自然语言的语法检测事件日志中的语义执行异常
2. Temporal Execution Behavior for Host Anomaly Detection in Programmable Logic Controllers [J] . Formby David, Beyah Raheem IEEE transactions on information forensics and security . 2020,第期

机译：可编程逻辑控制器中主机异常检测的时间执行行为
3. Execution anomaly detection in large-scale systems through console log analysis [J] . Bao Liang, Li Qian, Lu Peiyao, The Journal of Systems and Software . 2018,第sepa期

机译：通过控制台日志分析在大型系统中执行异常检测
4. Gray-box extraction of execution graphs for anomaly detection [C] . Debin Gao, Michael K. Reiter, Dawn Song ACM conference on Computer and communications security . 2004

机译：执行图的灰箱提取以进行异常检测
5. Gray-box anomaly detection using system call monitoring. [D] . Gao, Debin. 2007

机译：使用系统调用监视进行灰箱异常检测。
6. Comparison of liquid-liquid extraction-thin layer chromatography with solid-phase extraction-high-performance thin layer chromatography in detection of urinary morphine [O] . Ali Ahadi, Alireza Partoazar, Mohammad-Hassan Abedi-Khorasgani, 2011

机译：液-液萃取-薄层色谱法与固相萃取-高效薄层色谱法检测尿中吗啡的比较
7. Gray-Box Extraction of Execution Graphs for Anomaly Detection [O] . GAO, Debin, Reiter, Michael K., SONG, Dawn 2004

机译：用于异常检测的执行图的灰箱提取

Gray-Box Extraction of Execution Graphs for Anomaly Detection

摘要

著录项

相似文献

相关主题

期刊订阅