Research on Anomaly Behavior Blocking Method for Desktop Security
Anti-virus software is the most common method for protecting the security of desktop operating systems. However, it suffers from a number of shortcomings, such as full dependence on a virus database that must be updated frequently, long scanning times, and an inability to prevent unknown attacks. To address these, in this paper we propose a novel anomaly behavior blocking approach based on the process behavior reflected in the operating system kernel, and introduce an adaptive sliding window to trace the whole process behavior sequence dynamically. Two security indices, Normal-Density and Abnormal-Density, are also put forward to evaluate the security status of a process. By introducing them into the Network Entropy theory, we can accurately determine the blocking occasion and the blocking granularity. Compared to the traditional blocking models based on a fixed window, the experimental results show that this approach can block malicious behavior more effectively and more drastically.
Keywords: behavior blocking; desktop security; sliding window; abnormal-density; normal-density; network theory
WANG Jing, SUN Chao-yi, FENG Li, ZHOU Ti
Wuhan Digital Engineering Institute, Wuhan, China; School of Computer Science and Technology, Harbin Engineering Institute, Harbin, China
International conference
Taiyuan
English
67-71
2010-10-22 (date first made available online on the Wanfang platform; this is not the paper's publication date)