Host-based intrusion detection system for secure human-centric computing

Authors: Daesung Moon, Sung Bum Pan, Ikkyun Kim

DOI: 10.1007/S11227-015-1506-9

Abstract: With the advancement of information and communication technology, people can access many useful services for human-centric computing. Although this increases work efficiency and provides greater convenience to people, advanced security threats such as Advanced Persistent Threat (APT) attacks have been continuously increasing. Technical measures protecting against APTs are desperately needed because attacks such as the 3.20 Cyber Terror and the SK Communications hacking incident have occurred repeatedly and caused considerable damage, both socially and economically. Moreover, existing devices have limitations in coping with attacks that persist using zero-day malware. For this reason, we propose a malware detection method based on the behavior of processes on a host PC. Our proposal overcomes the limitations of signature-based intrusion detection systems. First, we defined 39 characteristics that demarcate malware from benign programs and collected 8.7 million characteristic parameter events by executing the programs in a virtual-machine environment. Further, while an executable program is running on the PC, we represent it as an 83-dimensional vector by reconstructing the frequency of each parameter's occurrence according to process ID data. This makes more accurate detection possible, because behavior occurring in child processes is included. We use the C4.5 decision tree algorithm to detect malware against this database. The results of our proposed method show a 2.0 % false-negative rate and a 5.8 % false-positive rate.
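The abstract describes two mechanisms: attributing each characteristic parameter event to the root executable so that child-process behavior is folded into the parent's frequency vector, and classifying those vectors with a C4.5 decision tree. The following is an added example written for this page, not the paper's code. The parameter names, the event trace and the training vectors are constructed assumptions; the paper's 39 characteristics and its 83-dimensional encoding are not given on this page, so a 6-dimensional vector stands in for them. The tree learner uses the C4.5 gain-ratio criterion on numeric thresholds and omits pruning.

```python
"""Added example (not the paper's code): child-process-aware behavior vectors and a
small C4.5-style (gain-ratio) decision tree over them."""
from collections import Counter
from math import log2

# Assumed characteristic parameters; the paper defines 39, which this page does not list.
PARAMS = ["CreateProcess", "CreateRemoteThread", "WriteFile", "RegSetValue", "Connect", "DeleteFile"]
IDX = {p: i for i, p in enumerate(PARAMS)}


def build_vectors(events, fold_children=True):
    """events: (pid, ppid, param) in observation order; ppid None marks a monitored
    root executable. With fold_children=True each event is credited to the root
    process of the process that performed it, so a child's behavior lands in the
    vector of the executable that spawned it. A parent never seen before is treated
    as a root. With fold_children=False each pid gets its own vector (flat view)."""
    parent, vectors = {}, {}
    for pid, ppid, param in events:
        parent.setdefault(pid, ppid)
        owner = pid
        if fold_children:
            while parent.get(owner) is not None:
                owner = parent[owner]
        vec = vectors.setdefault(owner, [0] * len(PARAMS))
        vec[IDX[param]] += 1
    return vectors


def entropy(labels):
    n = len(labels)
    return -sum((c / n) * log2(c / n) for c in Counter(labels).values())


def best_split(X, y):
    """C4.5 criterion: the (feature, threshold) pair with the highest gain ratio.
    Candidate thresholds are midpoints between consecutive distinct feature values."""
    base = entropy(y)
    best = (0.0, None, None)
    for j in range(len(X[0])):
        values = sorted(set(x[j] for x in X))
        for a, b in zip(values, values[1:]):
            thr = (a + b) / 2
            left = [yi for xi, yi in zip(X, y) if xi[j] <= thr]
            right = [yi for xi, yi in zip(X, y) if xi[j] > thr]
            pl = len(left) / len(y)
            gain = base - pl * entropy(left) - (1 - pl) * entropy(right)
            split_info = entropy([0] * len(left) + [1] * len(right))
            ratio = gain / split_info if split_info > 0 else 0.0
            if ratio > best[0]:
                best = (ratio, j, thr)
    return best


def build_tree(X, y, depth=0, max_depth=4):
    """Returns a leaf label or a node (feature, threshold, left<=thr, right>thr)."""
    majority = Counter(y).most_common(1)[0][0]
    if len(set(y)) == 1 or depth == max_depth:
        return majority
    _, j, thr = best_split(X, y)
    if j is None:
        return majority
    L = [(xi, yi) for xi, yi in zip(X, y) if xi[j] <= thr]
    R = [(xi, yi) for xi, yi in zip(X, y) if xi[j] > thr]
    return (j, thr,
            build_tree([a for a, _ in L], [b for _, b in L], depth + 1, max_depth),
            build_tree([a for a, _ in R], [b for _, b in R], depth + 1, max_depth))


def predict(tree, x):
    while isinstance(tree, tuple):
        j, thr, left, right = tree
        tree = left if x[j] <= thr else right
    return tree


def error_rates(tree, X, y):
    """(false-negative rate, false-positive rate) with label 1 = malware, 0 = benign."""
    fn = sum(1 for xi, yi in zip(X, y) if yi == 1 and predict(tree, xi) == 0)
    fp = sum(1 for xi, yi in zip(X, y) if yi == 0 and predict(tree, xi) == 1)
    pos = sum(y)
    return fn / pos, fp / (len(y) - pos)


# Constructed training vectors (not real data), in PARAMS order; 1 = malware, 0 = benign.
TRAIN_X = [
    [1, 1, 0, 0, 3, 1], [0, 1, 2, 1, 2, 0], [2, 2, 4, 0, 4, 1],   # malware
    [1, 0, 5, 2, 0, 0], [0, 0, 3, 1, 2, 0], [1, 0, 8, 3, 1, 1],   # benign
]
TRAIN_Y = [1, 1, 1, 0, 0, 0]

# Constructed event trace (not real data): a dropper (pid 100) whose child (101) does the
# injection and beaconing, and a benign installer (200) whose child (201) writes files.
EVENTS = [
    (100, None, "WriteFile"), (100, None, "CreateProcess"),
    (101, 100, "CreateRemoteThread"), (101, 100, "Connect"), (101, 100, "Connect"),
    (101, 100, "DeleteFile"),
    (200, None, "CreateProcess"),
    (201, 200, "WriteFile"), (201, 200, "WriteFile"), (201, 200, "RegSetValue"),
]

if __name__ == "__main__":
    tree = build_tree(TRAIN_X, TRAIN_Y)
    folded, flat = build_vectors(EVENTS), build_vectors(EVENTS, fold_children=False)
    for pid in (100, 200):
        print(pid, "folded:", folded[pid], "->", predict(tree, folded[pid]),
              "| flat:", flat[pid], "->", predict(tree, flat[pid]))
    print("training FN/FP rates:", error_rates(tree, TRAIN_X, TRAIN_Y))
```

Running it shows why the paper folds child processes into the parent's vector: the dropper's own flat vector contains only a file write and a process creation and is classified benign, while the folded vector carries the child's remote-thread injection and is classified malware. The constructed training set is separable on a single feature, so the learned tree is one split; on real data the gain-ratio search would recurse and a pruning step would be needed to keep the false-positive rate down.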
