
A Survey of Program-Based Anomaly Detection (cited by: 3)

Overview of Anomaly Detection Based on Program
Abstract (translated from the Chinese): Taking the methods used to describe normal program behavior as the organizing thread, this paper classifies the techniques that use system-call data to detect anomalous program behavior into specification-based methods, frequency-based methods, control-flow analysis methods and data-flow analysis methods. It describes in detail the basic ideas behind these methods, the models they use and the latest research progress, identifies and analyzes the problems and shortcomings of existing techniques, and formally argues that program-based anomaly detection should take server programs as its object of study. It then introduces a prototype anomaly detection system, validated by preliminary experiments, that is based on the hierarchical structure of server program execution traces. The prototype exploits the request-response working pattern of server programs, the semantics of certain key system calls and runtime dynamic information; using structural pattern recognition, it detects anomalies while recognizing the server program's normal behavior, and it can also analyze those anomalies and provide detailed intrusion-related information, a capability that is one of the directions in which anomaly detection research should develop.

English abstract (as published): In terms of methods describing normal program behavior, anomaly detection based on program can be grouped into several broad categories: specification-based, frequency-based, control-flow-based, and data-flow-based. After systematically reviewing the basic ideas and various models used in these approaches, discussing the new advances of the technique, and pointing out and analyzing some problems and weaknesses that exist in current research, this paper formulates the notion that anomaly detection based on program should focus attention on various server programs. A system prototype based on the hierarchical structure of server programs' traces and validated by a preliminary experiment is briefly introduced. The prototype is capable of analyzing anomalous events and providing detailed information with respect to intrusion, and these abilities are the trend for further research on anomaly detection.
Source: Computer Science (《计算机科学》, CSCD, Peking University core journal), 2011, No. 6, pp. 7-13 and 53 (8 pages)
Funding: National Natural Science Foundation of China (60773182)
Keywords: Intrusion detection; anomaly detection; anomaly analysis; system call; server programs; structural pattern recognition