基于系统行为分析的异常检测技术研究

doi:10.3969/j.issn.1000-0801.2009.02.014

电信科学 ›› 2009, Vol. 1 ›› Issue (2): 59-65.doi: 10.3969/j.issn.1000-0801.2009.02.014

• 专题:网络与信息安全 • 上一篇下一篇

基于系统行为分析的异常检测技术研究

周彬彬,崔室江,杨义先

北京邮电大学北京 100876

收稿日期:2009-01-03 出版日期:2009-02-15 发布日期:2017-08-18
基金资助:
国家“863”计划基金资助项目;国家“863”计划基金资助项目

Research About System-behavior-based Anomaly Detection Technologies

Binbin Zhou,Baojiang Cui,Yixian Yang

Beijing University of Posts and Telecommunications,Beijing 100876,China

Received:2009-01-03 Online:2009-02-15 Published:2017-08-18

摘要/Abstract

摘要：

本文介绍了入侵检测系统中的行为分析技术。针对HIDS异常检测技术中的静态行为分析技术和动态行为分析技术的技术原理、发展历史、研究现状和应用效果进行了分析，尤其对系统行为分析方法进行了重点分析。最后对基于行为分析技术的HIDS的发展趋势进行了展望，总结了HIDS目前的研究进展和在今后应当主要关注的问题。

关键词: 网络安全, HIDS, 异常检测, 静态行为分析, 动态行为分析, 系统调用序列

Abstract:

This paper gives an overview of different kinds of behavior-based anomaly detection technologies.It compares two classes of IDS-HIDS and NIDS,introduces the role of HIDS in Internet security and the classification of technologies it adopts.After that,it describes both static analysis technologies of HIDS anomaly detection by explaining their basic concepts,development and effects,with a focus on system-behavior based methods.At last,this paper concludes the current situation,future hot topics and prospect of behavior-based HIDS.

Key words: network security, HIDS, anomaly detection, static behavior analysis, dynamic behavior analysis, system call sequence

周彬彬,崔室江,杨义先. 基于系统行为分析的异常检测技术研究[J]. 电信科学, 2009, 1(2): 59-65.

Binbin Zhou,Baojiang Cui,Yixian Yang. Research About System-behavior-based Anomaly Detection Technologies[J]. Telecommunications Science, 2009, 1(2): 59-65.

参考文献 19

1	Gao D , Reiter K M , Song D . On gray-box program tracking for anomaly detection.In: Proceedings of the 13th USENIX Security Symposium, San Diego, August 2004
2	Gao D , Reiter K M , Song D . Gray-box extraction of execution graphs for anomaly detection.In: Proceedings of the 11th ACM Conference on Computer and Communications Security（CCS）, Washington DC, October 2004
3	Forrest S , Hofmeyr S A , Somayaji A , et al . A sense of self for unix processes.In: IEEE Symposium on Computer Security and Privacy, Los Alamos,CA, May 1996
4	Forrest S , Hofmeyr S A , Somayaji A . Intrusion detection using sequences of system calls. Journal of Computer Security, 1996(6):151～180
5	Helman P , Bhangoo J . A statistically based system forprioritizing information exploration under uncertainty. IEEE Transactions on Systems, 1997(7):449～466
6	Lee W , Stolfo S J , Chan P K . Learning patterns from Unix process execution traces for intrusion detection. AAAI Workshop on AI Approaches to Fraud Detection and Risk Management, July 1997
7	Warrender C , Forrest S , Pearlmutter B , et al . Detecting intrusions using system calls:alternative data models.In: IEEE Symposium on Security and Privacy, Los Alamos,CA, 1999
8	Sekar R , Bendre M , Bollineni P , et al . A fast automaton- based method for detecting anomalous program behaviors.In: IEEE Symposium on Security and Privacy, Oakland,CA, May 2001
9	Mutz D , Valeur F , Kruegel C , et al . Anomalous system call detection on the detection of anomalous system call arguments. ACM Transactions on Information and System Security, 2006(9)
10	Xu H , Du W , Chapin S , et al . Context sensitive anomaly monitoring of process control flow to detect mimicry attacks and impossible paths.In: Symposium on Recent Advances in Intrusion Detection （RAID）, France, September 2004
11	Wagner D , Soto P . Mimicry attacks on host-based intrusion detection systems.In: ACM Conference on Computer and Communications Security, Washington, November 2002
12	Wespi A , Dacier M , Debar H , . Intrusion detection using variable-length audit trail patterns.In: 3rd International Workshop on the Recent Advances in Intrusion Detection, Toulouse, October 2000
13	Wespi A , Dacier M , Debar H , et al . Audit trail pattern analysis for detecting suspicious process behavior.In: Proceedings of RAID 98,Workshop on Recent Advances in Intrusion Detection, Belgium, September 1998
14	Wespi A , Dacier M , Debar H . An intrusion-detection system based on the teiresias pattern-discovery algorithm. European Institute for Computer Anti-Virus Research, February 1999
15	Sujatha P K , Kannan A D , Ragunath S . A behavior based approach to host-level intrusion detection using self-organizing maps. Emerging Trends in Engineering and Technology, 2008
16	Feng H H , Kolesnikov M O , Fogla P . Anomaly detection using call stack information.In: IEEE Symposium on Security and Privacy, Berkeley, May 2003
17	Lee W , Stolfo S . Data mining approaches for intrusion detection.In: 7th USENIX Security Symposium, San Antonio, January 1998
18	Wagner D , Dean D . Intrusion detection via static analysis.In: IEEE Symposium on Security and Privacy, Oakland, May 2001
19	McKelin U , Greens S J , Twycross J . Immune system approaches to intrusion detection-a review.In: Proc of the Third International Conference on Artificial Immune Systems, Catania,Italy, September 2004

[1]	周胜利, 蒋可怡, 徐博, 徐睿, 张熙康, 赵泉喆, 徐阳东. 面向电信网络诈骗治理的网络安全课程构建效能评估研究[J]. 电信科学, 2023, 39(6): 122-128.
[2]	张乐, 马洪源. 运营商网络边缘云安全实践[J]. 电信科学, 2023, 39(4): 165-172.
[3]	陈伟雄, 杨晓晨, 春增军, 李若兰, 张华. 电力企业网络安全威胁情报管理体系的研究与实践[J]. 电信科学, 2022, 38(7): 184-189.
[4]	陈华华, 陈哲. 基于钉板分布稀疏变分自编码器的异常检测算法研究[J]. 电信科学, 2022, 38(12): 65-77.
[5]	刘亚天, 呼博文, 陈茂飞, 刘东鑫. 5GC安全态势感知系统研究[J]. 电信科学, 2022, 38(11): 73-85.
[6]	王速, 卢华, 汪硕, 蔡磊, 黄韬. 智能运维中KPI异常检测的研究进展[J]. 电信科学, 2021, 37(5): 42-51.
[7]	陈华华, 陈哲, 郭春生, 应娜, 叶学义, 章坚武. 基于混合高斯变分自编码网络的异常检测算法[J]. 电信科学, 2021, 37(4): 54-61.
[8]	顾玥, 李丹, 高凯辉. 基于机器学习和深度学习的网络流量分类研究[J]. 电信科学, 2021, 37(3): 105-113.
[9]	沈潇军,葛亚男,沈志豪,倪阳旦,吕明琪,翁正秋. 一种基于LSTM自动编码机的工业系统异常检测方法[J]. 电信科学, 2020, 36(7): 136-145.
[10]	高明,罗锦,周慧颖,焦海,应丽莉. 一种基于拟态防御的差异化反馈调度判决算法[J]. 电信科学, 2020, 36(5): 73-82.
[11]	李玉峰,陆肖元,曹晨红,李江涛,朱泓艺,孟楠. 智能网联汽车网络安全浅析[J]. 电信科学, 2020, 36(4): 36-45.
[12]	吴亚萍,董红召,林盈盈,柳菁. 混沌改进鱼群算法及其在工业控制网络异常检测中的应用[J]. 电信科学, 2020, 36(3): 27-33.
[13]	肖芫莹,游耀东,向黎希. 代码审计系统的误报率成因和优化[J]. 电信科学, 2020, 36(12): 155-162.
[14]	杨志强,粟栗,齐旻鹏,杨波. 5G安全技术与标准[J]. 电信科学, 2020, 36(12): 1-19.
[15]	何国锋. 零信任架构在5G云网中应用防护的研究[J]. 电信科学, 2020, 36(12): 123-132.

基于系统行为分析的异常检测技术研究

Research About System-behavior-based Anomaly Detection Technologies

在线阅读

PDF下载

可视化

被引次数

摘要/Abstract

引用本文

使用本文

参考文献 19

相关文章 15

Metrics

推荐阅读 0