COMPUTER ENGINEERING AND DESIGN
2015, Issue 5, pp. 1176-1180 (5 pages)
Keywords: 0day vulnerability; system call; attack path; intrusion detection; network security
In view of the lack of effective methods for detecting 0day attack paths in current networks, a system-call-based 0day attack path detection system was presented. First, grammatical rules were defined in the system, and then the object relation graph of the network system was constructed from the system call traces using the predefined rules. After that, suspicious network intrusion propagation paths were identified from the object relation graph. Finally, the 0day attack path was identified using the vulnerability feature set and the vulnerability indicator function. Experimental results show that the proposed 0day attack path detection system can accurately detect 0day attack paths present in the network, and effectively reduces the false positive rate and false negative rate.