Detecting Anomalous Application Behaviors Using a System Call Clustering Method over Critical Resources

Authors: Grandhi Jyostna, Pareek Himanshu, P. R. L. Eswari

DOI: 10.1007/978-3-642-22540-6_6

Keywords:

Abstract: Malware attacks that exploit an application in order to launch a payload have become a major security threat. We present a methodology and an algorithm that detect anomalies in application behavior and thereby prevent such attacks. Our approach represents the normal behavior of an application and detects deviations from it, using the system calls the application makes over critical resources. We build the normal profile by clustering these system calls, then monitor applications for deviating behavior by means of an enforcement algorithm; any mismatch indicates an anomaly. We describe the approach, and we implemented and tested the proposed method; the results are encouraging. In contrast to previous research in this direction, we implement the method on the Windows OS instead of Linux, using minifilter and registry callback techniques, since raw system call interception is prohibited in the latest operating system versions.
