DocumentCode
2518005
Title
Model-Based Intrusion Detection by Abstract Interpretation
Author
Hua, Jingyu ; Nishide, Takashi ; Sakurai, Kouichi
Author_Institution
Dept. of Inf., Kyushu Univ., Fukuoka, Japan
fYear
2010
fDate
19-23 July 2010
Firstpage
359
Lastpage
362
Abstract
Model-based intrusion detection works by comparing a process´s runtime behavior with a pre-computed normal program model. This paper studies this technology from the viewpoint of abstract interpretation theory. We regard different program behavior models used to perform intrusion detection as different abstractions of the concrete trace semantics of programs. Based on this point, we formally define model-based intrusion detection and present a generic generation algorithm for program models on a provided abstraction domain. Eventually, we discuss how to use this mechanism to implement a real intrusion detection model proposed by us before.
Keywords
security of data; abstract interpretation; generic generation algorithm; model based intrusion detection; runtime behavior process; Algorithm design and analysis; Analytical models; Computational modeling; Concrete; Intrusion detection; Registers; Semantics; abstract interpretation; intrusion detection; static analysis;
fLanguage
English
Publisher
ieee
Conference_Titel
Applications and the Internet (SAINT), 2010 10th IEEE/IPSJ International Symposium on
Conference_Location
Seoul
Print_ISBN
978-1-4244-7526-1
Electronic_ISBN
978-0-7695-4107-5
Type
conf
DOI
10.1109/SAINT.2010.107
Filename
5598041
Link To Document