Computer Science ›› 2010, Vol. 37 ›› Issue (3): 64-66.
XIE Feng, XIE Li-xia
Abstract: Anomaly detection is an important method for protecting programs. Traditionally, a program is protected by monitoring its system calls, but the address from which each call is invoked is often ignored. This paper presents a new audit event, named L-Call, to describe program behavior; in essence, it is a system call together with its invoked address. A Chebyshev inequality-based method is also presented to evaluate the deviation of program behavior from normal. This deviation degree, which we name the anomaly degree, is based on the likelihood of an L-Call sequence occurring under an unknown distribution. Finally, a Markov-based prototype, named LC-ADS (i.e., L-Call based Anomaly Detection System), was constructed for experimental evaluation. The experimental results show that LC-ADS achieves a better true positive rate and a lower false alarm rate.
Key words: L-Call, Chebyshev inequality, Anomaly degree, LC-ADS
XIE Feng, XIE Li-xia. Enhanced Approach to Anomalous Program Behaviors Detection[J]. Computer Science, 2010, 37(3): 64-66.
URL: https://www.jsjkx.com/EN/
https://www.jsjkx.com/EN/Y2010/V37/I3/64