{"title":"Application Sandbox Model Based on System Call Context","authors":"Zhen Li, Hongyun Cai, Junfeng Tian, Wuyang Chen","doi":"10.1109/CMC.2010.77","DOIUrl":null,"url":null,"abstract":"An application sandbox model based on system call context is proposed and applied to intrusion detection. It overcomes some drawbacks of traditional special-purpose sandboxes: inconvenience for selecting sandbox with user involvement and inaccuracy of intrusion detection for different applications of the same class. The application sandbox, modeling for an application, introduces the improved program behavioral automaton, focuses on both control flow and data flow information involving system call arguments, and uses a new approach for presentation of system call context by context value. The experimental results show that our model can capture the system call context accurately with low time overhead and can well detect intrusions based on control flow and data flow.","PeriodicalId":296445,"journal":{"name":"2010 International Conference on Communications and Mobile Computing","volume":"88 4","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-04-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 International Conference on Communications and Mobile Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CMC.2010.77","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Application Sandbox Model Based on System Call Context
An application sandbox model based on system call context is proposed and applied to intrusion detection. It overcomes some drawbacks of traditional special-purpose sandboxes: the inconvenience of requiring user involvement to select a sandbox, and inaccurate intrusion detection for different applications of the same class. The application sandbox, which models an application, introduces an improved program behavioral automaton, focuses on both control flow and data flow information involving system call arguments, and uses a new approach that represents system call context by a context value. The experimental results show that our model can capture the system call context accurately with low time overhead and can effectively detect intrusions based on control flow and data flow.