Efficient intrusion detection based on static analysis and stack walks

Jingyu Hua, Mingchu Li, Kouichi Sakurai, Yizhi Ren

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

Some intrusion detection models, such as VPStatic, first construct a behavior model for a program via static analysis and then perform intrusion detection by monitoring whether its execution is consistent with this behavior model. These models usually share the highly desirable feature that they do not produce false alarms, but they face a conflict between precision and efficiency. The high precision of VPStatic comes at the cost of high space complexity. In this paper, we propose a new context-sensitive intrusion detection model based on static analysis and stack walks, which is similar to VPStatic but much more efficient, especially in memory use. We replace the automaton in VPStatic with a state transition table (STT), and all redundant states and transitions in VPStatic are eliminated. We prove that our STT model is a deterministic pushdown automaton (DPDA) and that its precision is the same as VPStatic's. Experiments also demonstrate that our STT model reduces both time and memory costs compared with VPStatic; in particular, memory overheads are less than half of VPStatic's. Thereby, we alleviate the conflict between precision and efficiency.

Original language: English
Title of host publication: Advances in Information and Computer Security - 4th International Workshop on Security, IWSEC 2009, Proceedings
Pages: 158-173
Number of pages: 16
DOI
Publication status: Published - 2009
Event: 4th International Workshop on Security, IWSEC 2009 - Toyama, Japan
Duration: Oct 28 2009 - Oct 30 2009

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
5824 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 4th International Workshop on Security, IWSEC 2009
Country/Territory: Japan
City: Toyama
Period: 10/28/09 - 10/30/09

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science
