CAJ | 학술논문

针对当前网络环境中缺乏有效检测0 day攻击路径的方法的问题，实现基于系统调用的0 day攻击路径检测系统。根据定义的语法规则和系统调用轨迹构造网络系统对象关系图，从网络系统对象关系图中识别出可疑的入侵传播路径，利用漏洞特征集合和漏洞指示函数识别出0 day攻击路径。实验结果表明，该系统能够准确检测网络中存在的0 day攻击路径，有效降低了误报和漏报率。
침대당전망락배경중결핍유효검측0 day공격로경적방법적문제，실현기우계통조용적0 day공격로경검측계통。근거정의적어법규칙화계통조용궤적구조망락계통대상관계도，종망락계통대상관계도중식별출가의적입침전파로경，이용루동특정집합화루동지시함수식별출0 day공격로경。실험결과표명，해계통능구준학검측망락중존재적0 day공격로경，유효강저료오보화루보솔。
In view of the lack of effective methods to detect 0day attack path in current network,the system call based 0day at-tack path detecting system was presented.Firstly,the grammatical rules were defined in the system,and then the graph of ob-j ect relation of the network system was constructed according to the tracks of the system calls by taking use of the pre-defined rules.After that,the suspicious network intrusion propagation path from the object graph was found out.At last,the 0day at-tack path was identified according to the feature set and exploit loopholes in the indicator function.Experimental results show that the proposed 0day attack path detection system can accurately detect the presence of 0day attack path of the network,and effectively reduce the false positive rate and false negative rate.