Title :
Detection of Programs Behaviors on Context Dependency
Author :
Jianjing, Pang ; Xinguang, Peng
Author_Institution :
Dept. of Comput. Sci. & Technol., Taiyuan Univ. of Technol., Taiyuan
Abstract :
Anomaly detection of privileged program behaviors is one of the most important means of ensuring system security. An alternative modeling method is proposed based on the BP neural network classifier, which builds upon the concept of context dependency short sequences and the specially designed m-nearest algorithm. Because neural network classifiers have the advantage of high generalization capability on unknown data, and context dependency can more accurately determine the nature of local behaviors for the short sequences, the behavior detection performance on program traces was evidently improved compared with the previous modeling method.
Keywords :
backpropagation; data flow analysis; pattern classification; security of data; BP neural network classifier; alternative modeling method; anomaly detection; context dependency; privileged program behaviors; program behavior detection; system security; Computer networks; Computer security; Context modeling; Data security; Event detection; Frequency; Kernel; Neural networks; Operating systems; Statistical distributions; context dependency; system calls; system security;
Conference_Title :
Networks Security, Wireless Communications and Trusted Computing, 2009. NSWCTC '09. International Conference on
Conference_Location :
Wuhan, Hubei
Print_ISBN :
978-1-4244-4223-2
DOI :
10.1109/NSWCTC.2009.143