Title :
Research on anomaly behavior blocking method for desktop security
Author :
Wang, Jing ; Sun, Chao-Yi ; Feng, Li ; Zhou, Ti
Author_Institution :
Wuhan Digital Eng. Inst., Wuhan, China
Abstract :
Anti-virus software is one of the most common methods for protecting the security of desktop operating systems. However, it suffers from a number of shortcomings, such as complete dependence on a virus database that must be updated frequently, long scanning times, and an inability to prevent unknown attacks. To address these, in this paper we propose a novel anomaly behavior blocking approach based on process behavior as reflected in the operating system kernel, and introduce an adaptive sliding window to trace the whole process behavior sequence dynamically. Two security indices, Normal-Density and Abnormal-Density, are also put forward to evaluate the security status of a process. By introducing them into Network Entropy theory, we can accurately determine the blocking occasion and the blocking granularity. Compared to traditional blocking models based on a fixed window, the experimental results show that this approach blocks malicious behavior more effectively and more drastically.
Keywords :
computer viruses; operating systems (computers); adaptive sliding window; anomaly behavior blocking method; antivirus software; desktop operating system security; network entropy theory; operating system kernel; scanning time; virus database update; Manganese; Tin; Abnormal-Density; Normal-Density; behavior blocking; desktop security; network theory; sliding window;
Conference_Title :
Computer Application and System Modeling (ICCASM), 2010 International Conference on
Conference_Location :
Shanxi, Taiyuan
Print_ISBN :
978-1-4244-7235-2
Electronic_ISBN :
978-1-4244-7237-6
DOI :
10.1109/ICCASM.2010.5620464