DocumentCode :
2518005
Title :
Model-Based Intrusion Detection by Abstract Interpretation
Author :
Hua, Jingyu ; Nishide, Takashi ; Sakurai, Kouichi
Author_Institution :
Dept. of Inf., Kyushu Univ., Fukuoka, Japan
fYear :
2010
fDate :
19-23 July 2010
Firstpage :
359
Lastpage :
362
Abstract :
Model-based intrusion detection works by comparing a process´s runtime behavior with a pre-computed normal program model. This paper studies this technology from the viewpoint of abstract interpretation theory. We regard different program behavior models used to perform intrusion detection as different abstractions of the concrete trace semantics of programs. Based on this point, we formally define model-based intrusion detection and present a generic generation algorithm for program models on a provided abstraction domain. Eventually, we discuss how to use this mechanism to implement a real intrusion detection model proposed by us before.
Keywords :
security of data; abstract interpretation; generic generation algorithm; model based intrusion detection; runtime behavior process; Algorithm design and analysis; Analytical models; Computational modeling; Concrete; Intrusion detection; Registers; Semantics; abstract interpretation; intrusion detection; static analysis;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Applications and the Internet (SAINT), 2010 10th IEEE/IPSJ International Symposium on
Conference_Location :
Seoul
Print_ISBN :
978-1-4244-7526-1
Electronic_ISBN :
978-0-7695-4107-5
Type :
conf
DOI :
10.1109/SAINT.2010.107
Filename :
5598041
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=2518005
بازگشت