Detecting the Deviations of Privileged Process Execution

Bibliographic details
Main authors: Su, Purui; Li, Dequan; Qu, Haipeng; Feng, Dengguo
Format: Conference paper
Language: eng
Online access: Full text
Description
Summary: Most intruders gain unauthorized access to systems by exploiting vulnerabilities in privileged processes. Correspondingly, monitoring privileged processes via system call sequences is one of the effective methods for detecting intrusions. Based on an analysis of popular attacks, we put forward a new intrusion detection model that monitors system call sequences and uses locally fuzzy matching to improve detection accuracy. The model also adopts a novel profile generation method, which could easily generate a better profile. The experimental results show that both accuracy and efficiency have been improved.
ISSN: 0302-9743, 1611-3349
DOI: 10.1007/978-3-540-31957-3_111