A gray-box DPDA-based intrusion detection technique using system-call monitoring

J.H. Jafarian, A. Abbasi, S.S. Sheikhabadi

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, Academic, peer-review

2 Citations (Scopus)

Abstract

In this paper, we present a novel technique for automatic and efficient intrusion detection based on learning program behaviors. Program behavior is captured in terms of issued system calls augmented with point-of-system-call information, and is modeled according to an efficient deterministic pushdown automaton (DPDA). The frequency of visit of each state is captured and statistically analyzed to detect abnormal execution patterns. This approach provides a very accurate learning of program behavior, which avoids a broad class of impossible path exploits. It also allows detection of new classes of attacks such as denial-of-service and brute-force dictionary attacks. We also present a complexity analysis of our model, and show that its time and space complexity is polynomial and fairly comparable to other similar approaches in learning, and hugely better in detection. Moreover, we evaluate our approach experimentally in terms of false positive rate, convergence rate, and performance. Finally, we shall discuss classes of attacks which are detectable and undetectable by our approach.
Original language: English
Title: CEAS'11 : Proceedings of the 8th Annual Collaboration, Electronic Messaging, Anti-Abuse and Spam Conference, 1-2 September 2011, Perth, Australia
Place of publication: New York
Publisher: Association for Computing Machinery, Inc
Pages: 1-12
Number of pages: 12
ISBN (print): 978-1-4503-0788-8
Status: Published - 2011
Externally published: Yes
Event: 8th Annual Collaboration, Electronic Messaging, Anti-Abuse and Spam Conference (CEAS 2011), September 1-2, 2011, Perth, Australia - Perth, Australia
Duration: 1 Sep 2011 to 2 Sep 2011

Publication series

Name: CEAS '11
Publisher: ACM

Conference

Conference: 8th Annual Collaboration, Electronic Messaging, Anti-Abuse and Spam Conference (CEAS 2011), September 1-2, 2011, Perth, Australia
Abbreviated title: CEAS 2011
Country/Territory: Australia
City: Perth
Period: 1/09/11 to 2/09/11
