Program behavior model based on system call and time interval

Author

Li, Zhen ; Tian, Junfeng

Author_Institution

Network Technol. Inst., Hebei Univ., Baoding, China

fYear

2010

fDate

24-27 Aug. 2010

Firstpage

1018

Lastpage

1023

Abstract

The automaton of program behavior based on system call is often used to model program behavior. The automaton of program behavior based on system call and time interval is proposed, which overcomes one of drawbacks of traditional automaton of program behavior based on system call: inability to monitor the program behavior between adjacent system calls. The method of quantifying time intervals between adjacent system calls is presented. Through monitoring the deviation degree of time intervals between adjacent system calls, the model can decide whether to deviate from normal program behavior between adjacent system calls to some extent. The experimental results show that the automaton of program behavior based on system call and time interval can model program behavior more accurately and has better detection ability of program behavior than traditional models.

Keywords

remote procedure calls; security of data; adjacent system calls; deviation degree; program behavior automation; program behavior model; time interval; Analytical models; Automata; Computational modeling; Context; Intrusion detection; Monitoring; Time series analysis; anomaly detection; automaton; program behavior; system call; time interval;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Science and Education (ICCSE), 2010 5th International Conference on

Conference_Location

Hefei

Print_ISBN

978-1-4244-6002-1

Type

conf

DOI

10.1109/ICCSE.2010.5593402

Filename

5593402