| Intrusion Detection Method for Program Vulnerability via Library Calls |
| |
| 引用本文: | DUAN Xuetao ZHONG Anming LI Ying JIA Chunfu. Intrusion Detection Method for Program Vulnerability via Library Calls[J]. 武汉大学学报:自然科学英文版, 2007, 12(1): 126-130. DOI: 10.1007/s11859-006-0237-4 |
| |
| 作者姓名: | DUAN Xuetao ZHONG Anming LI Ying JIA Chunfu |
| |
| 作者单位: | [1]College of Information Technology and Science,Nankai University, Tianjin 300071, China; [2]College of Information Science and Technology,University of Science and Technology of China, Hefei 230026,Anhui, China |
| |
| 基金项目: | Foundation item: Supporled by the Science and Technology Development Project Foundation of Tianjin (033800611, 05YFGZGX24200) |
| |
| 摘 要: | Library function call sequence is the direct reflection of a program's behavior. The relationship between program vulnerability and library calls is analyzed, and an intrusion detection method via library calls is proposed, in which the short sequences of library call are used as signature profile. In this intrusion detection method, library interposition is used to hook library calls, and with the discussion of the features of the library call sequence in detail, an algorithm based on information-theory is applied to determine the appropriate length of the library call sequence. Experiments show good performance of our method against intrusions caused by the popular program vulnerabilities.
|
| 关 键 词: | 图书馆 数据库 层序 管理制度 |
| 文章编号: | 1007-1202(2007)01-0126-05 |
| 收稿时间: | 2006-06-19 |
Intrusion detection method for program vulnerability via library calls |
| |
| Duan Xuetao,Zhong Anming,Li Ying,Jia Chunfu. Intrusion detection method for program vulnerability via library calls[J]. Wuhan University Journal of Natural Sciences, 2007, 12(1): 126-130. DOI: 10.1007/s11859-006-0237-4 |
| |
| Authors: | Duan Xuetao Zhong Anming Li Ying Jia Chunfu |
| |
| Affiliation: | (1) College of Information Technology and Science, Nankai University, Tianjin, 300071, China;(2) College of Information Science and Technology, University of Science and Technology of China, Hefei, 230026, Anhui, China |
| |
| Abstract: | Library function call sequence is the direct reflection of a program’s behavior. The relationship between program vulnerability and library calls is analyzed, and an intrusion detection method via library calls is proposed, in which the short sequences of library call are used as signature profile. In this intrusion detection method, library interposition is used to hook library calls, and with the discussion of the features of the library call sequence in detail, an algorithm based on information-theory is applied to determine the appropriate length of the library call sequence. Experiments show good performance of our method against intrusions caused by the popular program vulnerabilities. Biography: DUAN Xuetao (1981–), male, Ph.D. candidate, research direction: information security. |
| |
| Keywords: | intrusion detection program vulnerability library call information entropy |
| 本文献已被 CNKI 维普 SpringerLink 等数据库收录! |
