
Model-based Anomaly Detection Method And Its Application Of Campus Network

Posted on: 2013-01-22
Degree: Master
Type: Thesis
Country: China
Candidate: W H Deng
GTID: 2248330371987105
Subject: Computer technology
Abstract/Summary:
This dissertation first introduces model-based anomaly detection methods. These methods can retrofit efficient attack detection ability to vulnerable programs: they restrict a process's execution by using a precomputed model of normal and expected behavior. The dissertation then proposes a new Dyck model, a statically constructed model that balances security and performance. We further improve the Dyck model by incorporating information about the data values used in the program and about the execution environment in which the program runs. We quantify these improvements with a new evaluation metric for complex program models. We automatically discover mimicry and evasion attacks. We start with two models: a program model of the application's execution behavior and a model of security-critical operating system state. Given unsafe configurations that describe the goals of an attack, we then find behaviors that the program model allows as valid execution and that produce the unsafe configurations. Our work demonstrates the viability of model-based anomaly detection. Although the vulnerabilities may persist, model-based anomaly detection provides a mechanism to prevent attackers who exploit a vulnerability from accessing or damaging the system. Finally, taking the WuWei occupational college campus network as an example, the author applies the Dyck model in practice. The experiment shows that the Dyck model is effective at resisting vulnerabilities.
Keywords/Search Tags: campus network, anomaly detection, network security, intrusion detection, Dyck model