Journal Article, DOI: 10.1360/JOS182841
A Control Flow Based Program Behavior Extended Model
Lu Wei, Zeng Qing-kai +1 more
TL;DR: A control-flow-based program behavior extended model EMPDA is presented, which can describe some invariance properties while a program is running safely, and enhance the ability of intrusion detection by adding invariance constraints to control flow model.
Abstract: This paper presents a control-flow-based program behavior extended model, EMPDA (extended model based on push down automaton), by adding invariance constraints to the control flow model, which can describe some invariance properties while a program is running safely, and enhance the ability of intrusion detection. By distinguishing the importance of system calls according to practical applications, this paper divides the program behavior model into a core model and a secondary model to reduce the workload of the model and improve the learning efficiency. Experimental results show that the extended model has better performance in many aspects, such as coverage speed, false positive rate and the capability of intrusion detection.
Citations
Credibility evaluation of software behavior based on behavioral attribute distance
Junfeng Tian, Ruling Mu +1 more
- 01 Nov 2010
TL;DR: An evaluation process consists of fixed-point evaluation, vertical evaluation and horizontal evaluation based on behavioral attribute distance, and a consistency evaluation of the two behavior trajectories is conducted, and the credibility of software behavior is judged.
4
Credibility Evaluation of Software Behavior Based on Behavioral Attribute Distance
Junfeng Tian, Ruling Mu +1 more
TL;DR: An evaluation process consists of fixed-point evaluation, vertical evaluation and horizontal evaluation based on behavioral attribute distance, and a consistency evaluation of the two behavior trajectories is conducted, and the credibility of software behavior is judged.
3
Behavior Observation-Based Dynamic Analysis for Componentized Internet Applications
TL;DR: A reusable software dynamic analysis methodology for componentized Internet applications, which is composed of two important parts: execution model construction and runtime behavior analysis, and a failure propagation algorithm is proposed to localize failure in software rejuvenation decision and recovery phases.
1
•Journal Article
An improved reference flow control model for policy-based intrusion detection
TL;DR: In this paper, the authors propose a policy-based intrusion detection model that checks the legality of information flows between objects in the system, according to an existing security policy specification; flows that are illegal, i.e., not authorized by the security policy, are signaled and considered as intrusion symptoms.
1
System Calls Based Intrusion Detection: A Survey
WU Ying, JIANG Jian-hui, ZHANG Rui +2 more
TL;DR: This survey discusses system call based intrusion detection techniques, their challenges, and research trends, highlighting the need for improved detection performance, reduced error rates, and multi-platform practicality in commercial IDS systems like SanAPT.
References
An Intrusion-Detection Model
TL;DR: A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.
A sense of self for Unix processes
Stephanie Forrest, Steven Hofmeyr, Anil Somayaji, Thomas A. Longstaff +3 more
- 06 May 1996
TL;DR: A method for anomaly detection is introduced in which "normal" is defined by short-range correlations in a process' system calls, and initial experiments suggest that the definition is stable during normal behaviour for standard UNIX programs.
Data mining approaches for intrusion detection
Wenke Lee, Salvatore J. Stolfo +1 more
- 26 Jan 1998
TL;DR: An agent-based architecture for intrusion detection systems where the learning agents continuously compute and provide the updated (detection) models to the detection agents is proposed.
Detecting intrusions using system calls: alternative data models
C. Warrender, Stephanie Forrest, Barak A. Pearlmutter +2 more
- 01 Jan 1999
TL;DR: This work compares the ability of different data modeling methods to represent normal behavior accurately and to recognize intrusions and concludes that for this particular problem, weaker methods than HMMs are likely sufficient.
Intrusion detection via static analysis
David Wagner, R. Dean +1 more
- 14 May 2001
TL;DR: It is shown how static analysis may be used to automatically derive a model of application behavior and the result is a host-based intrusion detection system with three advantages: a high degree of automation, protection against a broad class of attacks based on corrupted code, and the elimination of false alarms.