基于系统行为分析的异常检测技术研究

doi:10.3969/j.issn.1000-0801.2009.02.014

Abstract

Abstract:

This paper gives an overview of different kinds of behavior-based anomaly detection technologies.It compares two classes of IDS-HIDS and NIDS,introduces the role of HIDS in Internet security and the classification of technologies it adopts.After that,it describes both static analysis technologies of HIDS anomaly detection by explaining their basic concepts,development and effects,with a focus on system-behavior based methods.At last,this paper concludes the current situation,future hot topics and prospect of behavior-based HIDS.

Key words: network security, HIDS, anomaly detection, static behavior analysis, dynamic behavior analysis, system call sequence

Binbin Zhou,Baojiang Cui,Yixian Yang. Research About System-behavior-based Anomaly Detection Technologies[J]. Telecommunications Science, 2009, 1(2): 59-65.

References 19

1	Gao D , Reiter K M , Song D . On gray-box program tracking for anomaly detection.In: Proceedings of the 13th USENIX Security Symposium, San Diego, August 2004
2	Gao D , Reiter K M , Song D . Gray-box extraction of execution graphs for anomaly detection.In: Proceedings of the 11th ACM Conference on Computer and Communications Security（CCS）, Washington DC, October 2004
3	Forrest S , Hofmeyr S A , Somayaji A , et al . A sense of self for unix processes.In: IEEE Symposium on Computer Security and Privacy, Los Alamos,CA, May 1996
4	Forrest S , Hofmeyr S A , Somayaji A . Intrusion detection using sequences of system calls. Journal of Computer Security, 1996(6):151～180
5	Helman P , Bhangoo J . A statistically based system forprioritizing information exploration under uncertainty. IEEE Transactions on Systems, 1997(7):449～466
6	Lee W , Stolfo S J , Chan P K . Learning patterns from Unix process execution traces for intrusion detection. AAAI Workshop on AI Approaches to Fraud Detection and Risk Management, July 1997
7	Warrender C , Forrest S , Pearlmutter B , et al . Detecting intrusions using system calls:alternative data models.In: IEEE Symposium on Security and Privacy, Los Alamos,CA, 1999
8	Sekar R , Bendre M , Bollineni P , et al . A fast automaton- based method for detecting anomalous program behaviors.In: IEEE Symposium on Security and Privacy, Oakland,CA, May 2001
9	Mutz D , Valeur F , Kruegel C , et al . Anomalous system call detection on the detection of anomalous system call arguments. ACM Transactions on Information and System Security, 2006(9)
10	Xu H , Du W , Chapin S , et al . Context sensitive anomaly monitoring of process control flow to detect mimicry attacks and impossible paths.In: Symposium on Recent Advances in Intrusion Detection （RAID）, France, September 2004
11	Wagner D , Soto P . Mimicry attacks on host-based intrusion detection systems.In: ACM Conference on Computer and Communications Security, Washington, November 2002
12	Wespi A , Dacier M , Debar H , . Intrusion detection using variable-length audit trail patterns.In: 3rd International Workshop on the Recent Advances in Intrusion Detection, Toulouse, October 2000
13	Wespi A , Dacier M , Debar H , et al . Audit trail pattern analysis for detecting suspicious process behavior.In: Proceedings of RAID 98,Workshop on Recent Advances in Intrusion Detection, Belgium, September 1998
14	Wespi A , Dacier M , Debar H . An intrusion-detection system based on the teiresias pattern-discovery algorithm. European Institute for Computer Anti-Virus Research, February 1999
15	Sujatha P K , Kannan A D , Ragunath S . A behavior based approach to host-level intrusion detection using self-organizing maps. Emerging Trends in Engineering and Technology, 2008
16	Feng H H , Kolesnikov M O , Fogla P . Anomaly detection using call stack information.In: IEEE Symposium on Security and Privacy, Berkeley, May 2003
17	Lee W , Stolfo S . Data mining approaches for intrusion detection.In: 7th USENIX Security Symposium, San Antonio, January 1998
18	Wagner D , Dean D . Intrusion detection via static analysis.In: IEEE Symposium on Security and Privacy, Oakland, May 2001
19	McKelin U , Greens S J , Twycross J . Immune system approaches to intrusion detection-a review.In: Proc of the Third International Conference on Artificial Immune Systems, Catania,Italy, September 2004

Metrics

Recommended 0

No Suggested Reading articles found!

[1]	Le ZHANG, Hongyuan MA. Practice on edge cloud security of telecom operators [J]. Telecommunications Science, 2023, 39(4): 165-172.
[2]	Weixiong CHEN, Xiaochen YANG, Zengjun CHUN, Ruolan LI, Hua ZHANG. Research and practice of network security threat intelligence management system for power enterprise [J]. Telecommunications Science, 2022, 38(7): 184-189.
[3]	Huahua CHEN, Zhe CHEN. Research on anomaly detection algorithm based on sparse variational autoencoder using spike and slab prior [J]. Telecommunications Science, 2022, 38(12): 65-77.
[4]	Yatian LIU, Bowen HU, Maofei CHEN, Dongxin LIU. Study on the 5GC security situational awareness system [J]. Telecommunications Science, 2022, 38(11): 73-85.
[5]	Su WANG, Hua LU, Shuo WANG, Lei CAI, Tao HUANG. Research progress of KPI anomaly detection in intelligent operation and maintenance [J]. Telecommunications Science, 2021, 37(5): 42-51.
[6]	Huahua CHEN, Zhe CHEN, Chunsheng GUO, Na YING, Xueyi YE, Jianwu ZHANG. Anomaly detection algorithm based on Gaussian mixture variational auto encoder network [J]. Telecommunications Science, 2021, 37(4): 54-61.
[7]	Yue GU, Dan LI, Kaihui GAO. Research on network traffic classification based on machine learning and deep learning [J]. Telecommunications Science, 2021, 37(3): 105-113.
[8]	Ming GAO,Jin LUO,Huiying ZHOU,Hai JIAO,Lili YING. A differential feedback scheduling decision algorithm based on mimic defense [J]. Telecommunications Science, 2020, 36(5): 73-82.
[9]	Yuanying XIAO,Yaodong YOU,Lixi XIANG. Causes and optimization of the false alarm rate of code review system [J]. Telecommunications Science, 2020, 36(12): 155-162.
[10]	Zhiqiang YANG,Li SU,Minpeng QI,Bo YANG. Overview and prospect of 5G security [J]. Telecommunications Science, 2020, 36(12): 1-19.
[11]	Guofeng HE. Application protection in 5G cloud network using zero trust architecture [J]. Telecommunications Science, 2020, 36(12): 123-132.
[12]	Ping XIE,Xiaosong LIU. Security of the deployment of SDN-based IoT using blockchain [J]. Telecommunications Science, 2020, 36(12): 139-146.
[13]	Hang YU,Shuai WANG,Huamin JIN. RASP based Web security detection method [J]. Telecommunications Science, 2020, 36(11): 113-120.
[14]	Junwen WANG. Technical requirement of future industrial internet [J]. Telecommunications Science, 2019, 35(8): 26-38.
[15]	Xiaomin TAN,Ai FANG,Duo JIN,Changjiang LI. Automated anomaly detection of IPTV user experience [J]. Telecommunications Science, 2019, 35(7): 159-164.

Research About System-behavior-based Anomaly Detection Technologies

RichHTML

PDF下载

Knowledge

Cited

Abstract

Cite this article

share this article

References 19

Related Articles 15

Metrics

Recommended 0