• DocumentCode
    2105014
  • Title
    Using extended information to refine program behavior profile
  • Author
    Feng Xie ; Yong Peng ; Dongqing Chen
  • Author_Institution
    China Inf. Technol., Security Evaluation Center, Beijing, China
  • fYear
    2012
  • fDate
    9-11 Nov. 2012
  • Firstpage
    991
  • Lastpage
    995
  • Abstract
    System calls provide the interface between an application and the operating system and are widely used to detect network intrusions. In this paper, by extracting extended information from the system call stack, a new audit event is constructed and used to refine the program profile. We name it the l-call. A Chebyshev's inequality based approach is also proposed to measure the anomaly degree, which reflects the degree of deviation from normal behavior caused by intrusions. Compared with the system call, the l-call has much finer granularity and better describes program behavior. Although the number of l-calls is greater than the number of system calls, which inevitably leads to greater storage overhead, many experiments show that these costs are at an acceptable level and that the l-call-based model achieves better detection performance than the system-call-based model.
  • Keywords
    computer network security; data flow analysis; operating systems (computers); Chebyshev inequality based approach; detect network intrusions; extended information; l-call-based model; operating system; program behavior profile refinement; program profile; system call stack; system-call-based model; Chebyshev's inequality; anomaly degree; extended information; l-call;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Communication Technology (ICCT), 2012 IEEE 14th International Conference on
  • Conference_Location
    Chengdu
  • Print_ISBN
    978-1-4673-2100-6
  • Type
    conf
  • DOI
    10.1109/ICCT.2012.6511343
  • Filename
    6511343