Title :
Program behavior model based on system call and time interval
Author :
Li, Zhen ; Tian, Junfeng
Author_Institution :
Network Technol. Inst., Hebei Univ., Baoding, China
Abstract :
Automata built from system calls are often used to model program behavior. This paper proposes an automaton of program behavior based on system calls and time intervals, which overcomes one of the drawbacks of the traditional system-call-based automaton: its inability to monitor program behavior between adjacent system calls. A method for quantifying the time intervals between adjacent system calls is presented. By monitoring the degree of deviation of the time intervals between adjacent system calls, the model can determine, to some extent, whether the program deviates from normal behavior between adjacent system calls. The experimental results show that the automaton of program behavior based on system calls and time intervals models program behavior more accurately and has better detection ability for program behavior than traditional models.
Keywords :
remote procedure calls; security of data; adjacent system calls; deviation degree; program behavior automation; program behavior model; time interval; Analytical models; Automata; Computational modeling; Context; Intrusion detection; Monitoring; Time series analysis; anomaly detection; automaton; program behavior; system call; time interval;
Conference_Title :
Computer Science and Education (ICCSE), 2010 5th International Conference on
Conference_Location :
Hefei
Print_ISBN :
978-1-4244-6002-1
DOI :
10.1109/ICCSE.2010.5593402