Anomaly detection using smart tracing tricks on call stack
Authors: Goverdhan Reddy Jidiga, P. Sammulal
Venue: International Conference for Convergence for Technology-2014
Published: 2014-04-06
DOI: 10.1109/I2CT.2014.7092136 (https://doi.org/10.1109/I2CT.2014.7092136)
The call stack is an important baseline for detecting intrusions in system application programs that have been penetrated and injected with malicious programs, or exploited by unauthorized users. Previous stack-based work required a long training period, so this paper demonstrates the extraction of sequences of return addresses generated by function calls in the code. The approach uses two sets of input test data: a return address set and a function call sequence (virtual path) set. We apply a smart trace tool, which makes it easy to detect anomalies and to flag unknown coding exploits as anomalies. We tested 14 attacks on the Linux platform, setting different threshold values during training, and we present the effect of this technique along with a discussion of the false positive rate.