To detect more attacks aiming at key security data in program behavior-based anomaly detection,the data flow properties were formulated as unary and binary relations on system call arguments.A new method named two-phrase analysis(2PA)is designed to analyze the efficient relation dependency,and its description as well as advantages are discussed.During the phase of static analysis,a dependency graph was constructed according to the program's data dependency graph,which was used in the phase of dynamic learning to learn specified binary relations.The constructed dependency graph only stores the information of related arguments and events,thus improves the efficiency of the learning algorithm and reduces the size of learned relation dependencies.Performance evaluations show that the new method is more efficient than existing methods.
展开▼