Model-based intrusion detection by abstract interpretation

Jingyu Hua, Takashi Nishide, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

Abstract

Model-based intrusion detection works by comparing a process's runtime behavior with a pre-computed normal program model. This paper studies this technology from the viewpoint of abstract interpretation theory. We regard different program behavior models used to perform intrusion detection as different abstractions of the concrete trace semantics of programs. Based on this point, we formally define model-based intrusion detection and present a generic generation algorithm for program models on a provided abstraction domain. Eventually, we discuss how to use this mechanism to implement a real intrusion detection model proposed by us before.

Original language: English
Title of host publication: Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010
Pages: 359-362
Number of pages: 4
Publication status: Published - Nov 29 2010
Event: 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010 - Seoul, Korea, Republic of
Duration: Jul 19 2010 to Jul 23 2010

Other

Other: 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010
Country: Korea, Republic of
City: Seoul
Period: 7/19/10 to 7/23/10

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Computer Science Applications

Cite this

Hua, J., Nishide, T., & Sakurai, K. (2010). Model-based intrusion detection by abstract interpretation. In Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010 (pp. 359-362). [5598041] https://doi.org/10.1109/SAINT.2010.107