The design of secure software systems is tied to the choice of mathematical models for those systems. A widely used approach to malware detection (or to classifying code as benign or malicious) is based on measuring the similarity of system-call traces. At present, both set and string metrics between traces of system calls (for example, Jaccard similarity and the edit, or Levenshtein, distance (ED)) and Markov-chain-based models of attack effects are in use. Jaccard similarity is used when the traces are treated as unordered sets. The edit distance, that is, the minimal number of edit operations (deletion, insertion and substitution of a single symbol) required to convert one sequence into the other, is used because it reflects the ordering and semantics of the traces. However, computing the edit distance between two strings takes time and space quadratic in the number of symbols. Traces can also be represented as system-call graphs whose nodes are the system calls (or the items of q-grams). Thus the description of a trace as an ordered string can be regarded as a special case of the graph representation, for which the same similarity metrics can be used with the same computational complexity.
This work presents a framework that combines graph-based and probabilistic models, enabling both the analysis of a system's robustness to malicious attacks and the recognition and detection of malicious code.
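The measures named in the abstract, worked through on constructed system-call traces. This is an added example, not code from the paper or its authors: the traces are invented toy data, and the "transition graph" is one concrete reading of the Markov-chain and system-call-graph models (a first-order chain estimated from bigram counts), not the paper's own framework. It shows why the set-based Jaccard score cannot separate a trace from a reordering of itself while the bigram Jaccard score and the edit distance can, and how a graph estimated from a reference trace flags transitions it has never seen.

```python
"""Similarity measures over system-call traces: set-based Jaccard, order-aware
q-gram Jaccard and Levenshtein edit distance, plus a first-order Markov
transition graph estimated from a reference trace. All traces here are
constructed toy data, not real captures."""
import math
from collections import Counter, defaultdict
from typing import Dict, List, Sequence, Tuple

SysCall = str
Trace = Sequence[SysCall]

# Constructed sample traces (hypothetical; not taken from the paper).
BENIGN    = ["open", "read", "read", "close", "open", "read", "close"]
REORDERED = ["read", "open", "close", "read", "open", "read", "close"]  # same calls, new order
SUSPECT   = ["open", "read", "close", "mprotect", "execve"]             # calls absent from BENIGN


def jaccard(a: Trace, b: Trace) -> float:
    """Set-based similarity: ignores ordering and multiplicity."""
    sa, sb = set(a), set(b)
    if not sa and not sb:
        return 1.0
    return len(sa & sb) / len(sa | sb)


def qgrams(trace: Trace, q: int) -> List[Tuple[SysCall, ...]]:
    """Sliding window of q consecutive calls; captures local ordering."""
    return [tuple(trace[i:i + q]) for i in range(len(trace) - q + 1)]


def qgram_jaccard(a: Trace, b: Trace, q: int = 2) -> float:
    """Jaccard over q-gram sets: order-aware, still cheap to compute."""
    return jaccard(qgrams(a, q), qgrams(b, q))


def edit_distance(a: Trace, b: Trace) -> int:
    """Levenshtein distance (insert/delete/substitute one call).
    Two-row DP: O(len(a)*len(b)) time, O(min(len(a), len(b))) space."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, x in enumerate(a, 1):
        cur = [i]
        for j, y in enumerate(b, 1):
            cur.append(min(prev[j] + 1,              # delete x
                           cur[j - 1] + 1,           # insert y
                           prev[j - 1] + (x != y)))  # substitute or match
        prev = cur
    return prev[-1]


def transition_graph(trace: Trace) -> Dict[SysCall, Dict[SysCall, float]]:
    """First-order Markov chain P(next | current) from bigram counts.
    Nodes are system calls; edge weights are transition probabilities."""
    counts: Dict[SysCall, Counter] = defaultdict(Counter)
    for s, t in zip(trace, trace[1:]):
        counts[s][t] += 1
    return {s: {t: c / sum(nxt.values()) for t, c in nxt.items()}
            for s, nxt in counts.items()}


def unseen_transitions(model: Dict[SysCall, Dict[SysCall, float]],
                       trace: Trace) -> List[Tuple[SysCall, SysCall]]:
    """Edges of `trace` with zero probability under `model`: the reference
    graph has no such edge, which is a simple anomaly signal."""
    return [(s, t) for s, t in zip(trace, trace[1:]) if t not in model.get(s, {})]


def log_likelihood(model: Dict[SysCall, Dict[SysCall, float]],
                   trace: Trace, floor: float = 1e-6) -> float:
    """log P(trace | model); unseen edges are floored at `floor`, so each one
    costs about log(1e-6) ~ -13.8. Lower is more anomalous."""
    return sum(math.log(model.get(s, {}).get(t, floor))
               for s, t in zip(trace, trace[1:]))


if __name__ == "__main__":
    model = transition_graph(BENIGN)
    for name, tr in [("REORDERED", REORDERED), ("SUSPECT", SUSPECT)]:
        print(f"{name}: jaccard={jaccard(BENIGN, tr):.2f} "
              f"bigram-jaccard={qgram_jaccard(BENIGN, tr):.2f} "
              f"ed={edit_distance(BENIGN, tr)} "
              f"unseen={unseen_transitions(model, tr)} "
              f"loglik={log_likelihood(model, tr):.1f}")
```

Against BENIGN, the set-based Jaccard score of REORDERED is 1.0 (same three calls), while its bigram Jaccard score drops to 2/7 and its edit distance is 3, which is the ordering information the abstract says the edit distance preserves. The two-row DP keeps the time cost quadratic in trace length; it only reduces the space cost to linear, so for long traces the q-gram or graph representation is what makes comparison affordable. The transition graph built from BENIGN flags the `close -> mprotect` and `mprotect -> execve` edges of SUSPECT as unseen, and the floored log-likelihood ranks SUSPECT far below BENIGN; the floor value is an assumption and would be tuned on real data.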
Brief Announcement: Graph-Based and Probabilistic Discrete Models Used in Detection of Malicious Attacks