Gray-box anomaly detection using system call monitoring.
Record type: Bibliographic - language material, printed : Monograph/item
Title proper/Author: Gray-box anomaly detection using system call monitoring.
Author: Gao, Debin.
Pagination: 89 p.
Notes: Adviser: Michael K. Reiter.
Contained By: Dissertation Abstracts International 68-02B.
Subject: Computer Science.
Electronic resource: http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3250905
Gao, Debin.
Gray-box anomaly detection using system call monitoring.
- 89 p.
Adviser: Michael K. Reiter.
Thesis (Ph.D.)--Carnegie Mellon University, 2007.
Many host-based anomaly detection systems monitor a process by observing the system calls it makes, and comparing these calls to a model of normal behavior for the program that the process is executing. In this thesis we explore two novel approaches for constructing the normal behavior model for anomaly detection.
Subjects--Topical Terms:
626642
Computer Science.
LDR 02733nam 2200289 a 45
001 972729
005 20110928
008 110928s2007 eng d
035 $a (UMI)AAI3250905
035 $a AAI3250905
040 $a UMI $c UMI
100 1 $a Gao, Debin. $3 1296702
245 1 0 $a Gray-box anomaly detection using system call monitoring.
300 $a 89 p.
500 $a Adviser: Michael K. Reiter.
500 $a Source: Dissertation Abstracts International, Volume: 68-02, Section: B, page: 1068.
502 $a Thesis (Ph.D.)--Carnegie Mellon University, 2007.
520 $a Many host-based anomaly detection systems monitor a process by observing the system calls it makes, and comparing these calls to a model of normal behavior for the program that the process is executing. In this thesis we explore two novel approaches for constructing the normal behavior model for anomaly detection.
520 $a We introduce execution graph, which is the first model that both requires no static analysis of the program source or binary, and conforms to the control flow graph of the program. When used as the model in an anomaly detection system monitoring system calls, it (i) accepts only system call sequences that are consistent with the control flow graph of the program; (ii) is maximal given a set of training data, meaning that any extensions to the execution graph could permit some intrusions to go undetected. We formalize and prove these claims, and evaluate the performance of an anomaly detector using execution graphs.
520 $a Behavioral distance compares the behavior of a process to the behavior of another process that is executing on the same input but that either runs on a different operating system or runs a different program that has similar functionality. Assuming their diversity renders these processes vulnerable only to different attacks, a successful attack on one of them should induce a detectable increase in the "distance" between the behavior of the two processes. We propose two black-box approaches for measuring behavioral distance, the first inspired by evolutionary distance and the second using a new type of Hidden Markov Model.
520 $a We additionally build and evaluate a replicated system, which uses behavioral distance to protect Internet servers. Through trace-driven evaluations we show that we can achieve low false-alarm rates and moderate performance costs even when the system is tuned to detect very stealthy mimicry attacks.
590 $a School code: 0041.
650 4 $a Computer Science. $3 626642
690 $a 0984
710 2 0 $a Carnegie Mellon University. $3 1018096
773 0 $t Dissertation Abstracts International $g 68-02B.
790 $a 0041
790 1 0 $a Reiter, Michael K., $e advisor
791 $a Ph.D.
792 $a 2007
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3250905
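Holdings: 1 item
Barcode: W9130986
Location: Electronic resource
Circulation category: 11.Online viewing_V
Material type: E-book
Call number: EB W9130986
Use type: General use (Normal)
Loan status: On shelf
Hold status: 0
Notes:
Attachments: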