Efficient Context-Sensitive Intrusion Detection Based on State Transition Table
Abstract
Host-based intrusion detection models such as VPStatic first construct a model of acceptable behaviors for each monitored program via static analysis, and then perform intrusion detection by comparing that model with the program's runtime behaviors. These models usually share the highly desirable feature that they do not produce false alarms, but they face a conflict between accuracy and efficiency. For instance, the high accuracy of the VPStatic model comes at the cost of high space complexity. In this paper, we use a statically constructed state transition table (STT), which records expected transitions among system calls as well as their stack states (return address lists), as a behavior model to perform context-sensitive intrusion detection. According to our analysis, our STT model improves the space efficiency of the VPStatic model without decreasing its high precision and time efficiency. Experiments show that for three test programs, the memory usage of our STT models is in every case much less than half that of the VPStatic models. We thereby alleviate the conflict between accuracy and efficiency.
- 2011-01-01
Authors
-
Sakurai Kouichi
Kyushu Univ. Fukuoka‐shi Jpn
-
Li Mingchu
School Of Software Dalian University Of Technology
-
Sakurai Kouichi
Dept. Of Computer Science And Communication Engineering Kyushu University
-
Sakurai Kouichi
Information Technology And Security Group Department Of Computer Science And Communication Engineeri
-
Ren Yizhi
Dept. Of Informatics Kyushu University
-
HUA Jingyu
Dept. of Informatics, Kyushu University
-
Hua Jingyu
Dept. Of Informatics Kyushu University
Related papers
- ESS-FH: Enhanced Security Scheme for Fast Handover in Hierarchical Mobile IPv6
- A New Secret Sharing Scheme Based on the Multi-Dealer
- Analysis of Program Obfuscation Schemes with Variable Encoding Technique
- Reliable Key Distribution Scheme for Lossy Channels
- On Effectiveness of Clock Control in Stream Ciphers(Information Theory and Its Applications)
- Experimental Analysis of Guess-and-Determine Attacks on Clock-Controlled Stream Ciphers(Cryptography and Information Security, Information Theory and Its Applications)
- ESS-FH : Enhanced Security Scheme for Fast Handover in Hierarchical Mobile IPv6
- An Enhanced Security Protocol for Fast Mobile IPv6
- A Security Analysis on Kempf-Koodli's Security Scheme for Fast Mobile IPv6
- A New Secret Sharing Scheme Based on the Multi-Dealer
- Modeling Security Bridge Certificate Authority Architecture
- An Adaptive Reputation-Based Algorithm for Grid Virtual Organization Formation
- Analysis of Existing Privacy-Preserving Protocols in Domain Name System
- Analysis of Program Obfuscation Schemes with Variable Encoding Technique
- FOREWORD
- Economic-inspired truthful reputation feedback mechanism in P2P networks
- On securing open networks through trust and reputation-architecture, challenges and solutions
- Distributed Noise Generation for Density Estimation Based Clustering without Trusted Third Party
- Security and Correctness Analysis on Privacy-Preserving k-Means Clustering Schemes
- Private Data Clustering based on Secure Approximation
- Enhancing Cooperative Behavior for P2P Reputation Systems by Group Selection (Theoretical Computer Science and Its Applications)
- Special Section on Cryptography and Information Security
- Efficient Context-Sensitive Intrusion Detection Based on State Transition Table
- Improved Subset Difference Method with Ternary Tree
- Timing Attacks against a Parallelized RSA Implementation (Special Issue: Computer Security Technologies for Protecting Privacy)
- A Progress Report on Lattice Based Public-Key Cryptosystems : Theoretical Security versus Practical Cryptanalysis(Special Issue on Algorithm Engineering : Surveys)