Model-based intrusion detection by abstract interpretation

Jingyu Hua; Takashi Nishide; Kouichi Sakurai

doi:10.1109/SAINT.2010.107

Model-based intrusion detection by abstract interpretation

Jingyu Hua, Takashi Nishide, Kouichi Sakurai

数理情報

研究成果: 書籍/レポートタイプへの寄稿 › 会議への寄与

抄録

Model-based intrusion detection works by comparing a process's runtime behavior with a pre-computed normal program model. This paper studies this technology from the viewpoint of abstract interpretation theory. We regard different program behavior models used to perform intrusion detection as different abstractions of the concrete trace semantics of programs. Based on this point, we formally define model-based intrusion detection and present a generic generation algorithm for program models on a provided abstraction domain. Eventually, we discuss how to use this mechanism to implement a real intrusion detection model proposed by us before.

本文言語	英語
ホスト出版物のタイトル	Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010
ページ	359-362
ページ数	4
DOI	https://doi.org/10.1109/SAINT.2010.107
出版ステータス	出版済み - 2010
イベント	2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010 - Seoul, 韓国継続期間: 7月 19 2010 → 7月 23 2010

出版物シリーズ

名前	Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010

その他

その他	2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010
国/地域	韓国
City	Seoul
Period	7/19/10 → 7/23/10

!!!All Science Journal Classification (ASJC) codes

コンピュータネットワークおよび通信
コンピュータサイエンスの応用

文献へのアクセス

10.1109/SAINT.2010.107

他のファイルとリンク

引用スタイル

Hua, J., Nishide, T., & Sakurai, K. (2010). Model-based intrusion detection by abstract interpretation. In Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010 (pp. 359-362). [5598041] (Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010). https://doi.org/10.1109/SAINT.2010.107

Model-based intrusion detection by abstract interpretation. / Hua, Jingyu; Nishide, Takashi; Sakurai, Kouichi.
Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010. 2010. p. 359-362 5598041 (Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010).

研究成果: 書籍/レポートタイプへの寄稿 › 会議への寄与

Hua, J, Nishide, T & Sakurai, K 2010, Model-based intrusion detection by abstract interpretation. in Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010., 5598041, Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010, pp. 359-362, 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010, Seoul, 韓国, 7/19/10. https://doi.org/10.1109/SAINT.2010.107

@inproceedings{e1c2ba96f98c4f8e997f89821bf8fa75,

title = "Model-based intrusion detection by abstract interpretation",

abstract = "Model-based intrusion detection works by comparing a process's runtime behavior with a pre-computed normal program model. This paper studies this technology from the viewpoint of abstract interpretation theory. We regard different program behavior models used to perform intrusion detection as different abstractions of the concrete trace semantics of programs. Based on this point, we formally define model-based intrusion detection and present a generic generation algorithm for program models on a provided abstraction domain. Eventually, we discuss how to use this mechanism to implement a real intrusion detection model proposed by us before.",

author = "Jingyu Hua and Takashi Nishide and Kouichi Sakurai",

note = "Copyright: Copyright 2010 Elsevier B.V., All rights reserved.; 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010 ; Conference date: 19-07-2010 Through 23-07-2010",

year = "2010",

doi = "10.1109/SAINT.2010.107",

language = "English",

isbn = "9780769541075",

series = "Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010",

pages = "359--362",

booktitle = "Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010",

}

TY - GEN

T1 - Model-based intrusion detection by abstract interpretation

AU - Hua, Jingyu

AU - Nishide, Takashi

AU - Sakurai, Kouichi

PY - 2010

Y1 - 2010

N2 - Model-based intrusion detection works by comparing a process's runtime behavior with a pre-computed normal program model. This paper studies this technology from the viewpoint of abstract interpretation theory. We regard different program behavior models used to perform intrusion detection as different abstractions of the concrete trace semantics of programs. Based on this point, we formally define model-based intrusion detection and present a generic generation algorithm for program models on a provided abstraction domain. Eventually, we discuss how to use this mechanism to implement a real intrusion detection model proposed by us before.

AB - Model-based intrusion detection works by comparing a process's runtime behavior with a pre-computed normal program model. This paper studies this technology from the viewpoint of abstract interpretation theory. We regard different program behavior models used to perform intrusion detection as different abstractions of the concrete trace semantics of programs. Based on this point, we formally define model-based intrusion detection and present a generic generation algorithm for program models on a provided abstraction domain. Eventually, we discuss how to use this mechanism to implement a real intrusion detection model proposed by us before.

UR - http://www.scopus.com/inward/record.url?scp=78649312530&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=78649312530&partnerID=8YFLogxK

U2 - 10.1109/SAINT.2010.107

DO - 10.1109/SAINT.2010.107

M3 - Conference contribution

AN - SCOPUS:78649312530

SN - 9780769541075

T3 - Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010

SP - 359

EP - 362

BT - Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010

T2 - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010

Y2 - 19 July 2010 through 23 July 2010

ER -

Model-based intrusion detection by abstract interpretation

抄録

出版物シリーズ

その他

!!!All Science Journal Classification (ASJC) codes

文献へのアクセス

他のファイルとリンク

フィンガープリント

引用スタイル