J. Long, D. Schwartz, S. Stoecklin, Mahesh K. Patel
International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume II. Published 2005-04-04. DOI: 10.1109/ITCC.2005.88 (https://doi.org/10.1109/ITCC.2005.88)
Application of loop reduction to learning program behaviors for anomaly detection
Evidence of some attacks can show up as abnormal sequences of system calls made by programs. Most approaches developed so far concentrate on some program-specific behaviors and ignore some plain behaviors of programs. According to the concept of locality of reference, programs tend to spend most of their time on a few lines of code rather than on other parts of the program. We use this finding to propose a method of loop reduction. A loop reduction algorithm, when applied to a series of system calls, eliminates redundant data. We ran experiments comparing results before and after loop reduction, using the same detection approach. The preliminary results show that loop reduction improves the quality of training data by removing redundancy.