
Anomaly Detection Research Based On System Call Sequence And Arguments

Posted on: 2015-03-08
Degree: Master
Type: Thesis
Country: China
Candidate: D P Tang
Full Text: PDF
GTID: 2268330425482086
Subject: Computer system architecture
Abstract/Summary:
Computer system security issues have become increasingly prominent with the development of computer networks. Anomaly detection technology is receiving more and more attention because of its ability to detect unknown attacks. Anomaly detection can be divided into network-based and host-based anomaly detection; this paper mainly discusses anomaly detection on a particular host, specifically a server host providing network services on the Internet.

A valid monitoring methodology can precisely describe a program's behavior profile. System calls are selected as the essential monitoring elements in host-based anomaly detection. Traditional host-based anomaly detection technology detects intrusions by monitoring the data-flow or control-flow information of system calls. A control-flow anomaly detection system builds various models from acquired system call sequences according to control-flow analysis. A data-flow anomaly detection system monitors the data transmission between system call arguments and return values. There is still a large gap between control-flow and data-flow anomaly detection, which leads to program behavior profiles being built incompletely and imprecisely.

This paper puts forward a new method that combines control-flow and data-flow analysis. The method adopts fixed-length sequences of system calls to build patterns, which provide context information for the system call properties. With association rule mining techniques, relationships between properties can be found within the same pattern or across different patterns, and two rule sets are built for evaluation.

At the end of this paper a simulation program based on our model is illustrated. Experimental results show that control-flow-analysis-aided data-flow analysis reveals more accurate and useful rules that cannot be learned by the prior data-flow analysis method. These relation rules can be used to detect more abnormal program behavior.
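As an added illustration, not part of the thesis or its simulation program, the Python sketch below follows the approach the abstract describes: fixed-length windows of system calls form patterns, and relationships between call properties (arguments and return values) inside the same pattern are mined as association rules, which are then checked against a new trace. Only within-pattern rules are shown; the abstract's cross-pattern rule set is not covered. The window length, support and confidence thresholds, the two rule forms (property equality and property constant), and the training and test traces are all constructed assumptions.

```python
"""Toy control-flow-aided data-flow anomaly detector (added example, not the thesis code).

A pattern is the tuple of syscall names in a fixed-length window.  For each pattern
seen often enough in training, two kinds of association rules are mined over the
properties of the calls in the window:
  ("eq",    (i, name_a), (j, name_b))  -> property a of call i equals property b of call j
  ("const", (i, name_a), value)        -> property a of call i always has this value
Detection flags windows whose pattern was never seen (control-flow anomaly) and
windows that break a learned rule (data-flow anomaly)."""
from collections import Counter, defaultdict
from itertools import combinations

K = 3            # window length (assumed; the abstract states only "fixed length")
MIN_SUPPORT = 2  # a pattern needs at least this many training windows
MIN_CONF = 1.0   # a rule must hold in every training window of its pattern


def windows(trace, k=K):
    """Slide a fixed-length window over the trace, yielding (pattern, per-call properties)."""
    for i in range(len(trace) - k + 1):
        win = trace[i:i + k]
        yield tuple(name for name, _ in win), [props for _, props in win]


def flatten(props):
    """Map (position_in_window, property_name) -> value for one window."""
    return {(i, key): val for i, p in enumerate(props) for key, val in p.items()}


def mine_rules(trace, k=K):
    """Return {pattern: set(rules)} learned from a benign training trace."""
    by_pattern = defaultdict(list)
    for pattern, props in windows(trace, k):
        by_pattern[pattern].append(flatten(props))

    rules = {}
    for pattern, rows in by_pattern.items():
        if len(rows) < MIN_SUPPORT:
            continue  # too rare to learn anything reliable about
        keys = sorted(set().union(*rows))
        found = set()
        # Constant rules: a property that takes one value in (almost) every window.
        for a in keys:
            value, count = Counter(row.get(a) for row in rows).most_common(1)[0]
            if count / len(rows) >= MIN_CONF:
                found.add(("const", a, value))
        # Equality rules: two properties in the window that always agree,
        # e.g. the fd returned by open() is the fd passed to the following read().
        for a, b in combinations(keys, 2):
            hits = sum(1 for row in rows if a in row and b in row and row[a] == row[b])
            if hits / len(rows) >= MIN_CONF:
                found.add(("eq", a, b))
        rules[pattern] = found
    return rules


def detect(rules, trace, k=K):
    """Return [(window_index, reason)] for every anomaly found in a trace."""
    alerts = []
    for idx, (pattern, props) in enumerate(windows(trace, k)):
        if pattern not in rules:
            alerts.append((idx, f"unknown call sequence {pattern}"))
            continue
        row = flatten(props)
        for kind, a, b in rules[pattern]:
            if kind == "eq" and row.get(a) != row.get(b):
                alerts.append((idx, f"{pattern}: {a} != {b} ({row.get(a)} vs {row.get(b)})"))
            elif kind == "const" and row.get(a) != b:
                alerts.append((idx, f"{pattern}: {a} = {row.get(a)}, expected {b}"))
    return alerts


def serve_cycle(path, fd, size):
    """Constructed benign pattern of a file-serving loop: open, read, write to socket 4, close."""
    return [
        ("open", {"path": path, "ret": fd}),
        ("read", {"fd": fd, "ret": size}),
        ("write", {"fd": 4, "ret": size}),
        ("close", {"fd": fd, "ret": 0}),
    ]


# Constructed training trace: three benign request cycles with varying fds and sizes.
TRAIN_TRACE = (serve_cycle("/var/www/index.html", 5, 512)
               + serve_cycle("/var/www/about.html", 6, 1024)
               + serve_cycle("/var/www/style.css", 7, 256))

# Constructed test traces: one benign cycle, and one where read() uses an fd that
# open() never returned, which the sequence-only view cannot distinguish.
NORMAL_TRACE = serve_cycle("/var/www/faq.html", 8, 100)
ANOMALOUS_TRACE = [
    ("open", {"path": "/var/www/faq.html", "ret": 7}),
    ("read", {"fd": 9, "ret": 300}),
    ("write", {"fd": 4, "ret": 300}),
    ("close", {"fd": 9, "ret": 0}),
]

if __name__ == "__main__":
    learned = mine_rules(TRAIN_TRACE)
    for pattern, rs in learned.items():
        print(pattern, sorted(rs))
    print("normal:", detect(learned, NORMAL_TRACE))
    print("anomalous:", detect(learned, ANOMALOUS_TRACE))
```

The sequence `(open, read, write)` is identical in both test traces, so a pure control-flow model accepts the anomalous one; the mined rule that `open`'s return value equals the following `read`'s `fd` argument is what flags it, which is the point the abstract makes about sequence context making argument relations learnable.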
Keywords/Search Tags: system call, control flow, data flow