Computer System Security Model Based on System Call Related to Security
A computer system security model based on system call related to security is proposed. It is inspired from the biological immune system and overcomes some drawbacks of traditional computer immune system based on system call. It makes the number of system calls intercepted decrease significantly, records the arguments of system call which are useful information for intrusion detection without low efficiency, and distinguishes non-self from self by Sandbox as well as rule matching. Furthermore, our model resolves the unreliability and insecurity of process and the display of process behavior incompletely caused by denying the execution of a system call in traditional sandbox systems. Experimental results show that different non-self class can be distinguished accurately and non-self can be detected in Sandbox which is unknown type by rule matching without imposing heavy performance impact upon operating system.
computer immune system security system call sandboz
Jimin Li Zhen Li Kunlun Li
College of Computer Science and Technology,Tianjin University,300072 Tianjin,China College of Mathem College of Mathematics and Computer,Hebei University,071002 Baoding,China College of Electronic and Information Engineering,Hebei University,071002 Baoding,China
国际会议
2009 9th International Conference on Electronic Measurement & Instruments(第九届电子测量与仪器国际会议 ICEMI2009)
北京
英文
2296-2301
2009-08-16(万方平台首次上网日期,不代表论文的发表时间)