System call sequence characteristic mode set generation method based on subgraph mining
A feature pattern and call sequence technology, applied in the fields of instrumentation, electrical digital data processing, platform integrity maintenance, etc., can solve problems such as incomplete feature pattern set, insufficient consideration of system call attribute parameters, and missing abnormal behavior.
Active Publication Date: 2017-05-17
HARBIN ENG UNIV
View PDF6 Cites 5 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
The published patent document of "Anomaly Intrusion Detection Method Based on Frequent Subgraph Mining" with the application number CN201010285726.6 was relatively successful in constructing the characteristic pattern set of the system call sequence by using the theory of frequent subgraph mining, but it did not fully consider the system The important factor of invoking attribute parameters does not comprehensively consider the internal system call attribute relationship of a single feature pattern set and the system call attribute relationship between different feature patterns. The resulting feature pattern set is incomplete. When the program behavior is detected by the set, it will cause false positives and false negatives of abnormal behaviors. Therefore, it is necessary to propose a method that can generate a more reasonable and complete set of system call feature patterns.
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0078] The present invention will be further described below in conjunction with the accompanying drawings.
[0079] Because the existing system call sequence feature pattern set generation methods usually only consider the context of the system call sequence, the generated feature pattern set is not complete and cannot fully reflect all the inherent characteristics of software behavior. The present invention converts the system call sequence into a directed graph structure by introducing the frequent subgraph mining theory, adds the system call attribute relationship in the process of frequent subgraph mining, and proposes a new method for mining the system call sequence feature pattern set Method(PatternPSet). The present invention solves the limitations of the prior art in the generation of system call sequence feature pattern sets, and has the following advantages:
[0080] The traditional pattern set generation method mainly divides the original system call sequence in v...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention relates to the technical field of computer software, in particular to a system call sequence characteristic mode set generation method based on subgraph mining. The system call sequence characteristic mode set generation method based on subgraph mining can be used for software abnormality monitoring and software intrusion detection and includes the steps of (1), defining related concepts; (2), converging system call parameter types; (3), determining system call attribute relation rules; (4), determining subgraph characteristic values; (5), preprocessing system call sequences; (6), expanding candidate subgraphs; (7), simplifying redundant subgraphs; (8), constructing a characteristic mode set. The system call sequence characteristic mode set generation method based on subgraph mining has the advantages that selection of the candidate subgraphs is balanced automatically according to different internal conditions of the system call sequences during characteristic value setting, so that workload in a subsequent subgraph expansion mining process is reduced, and good bases are provided for quantifying and simplifying the importance degree of the redundant subgraphs.
Description
technical field [0001] The invention relates to the technical field of computer software, in particular to a method for generating a system call sequence feature pattern set based on subgraph mining, which can be used for monitoring abnormal software behavior and intrusion detection. Background technique [0002] With the rapid development of information technology, especially the widespread application of the Internet, software has increasingly become the core component of modern products and services, and is an important reliance on the construction and operation of key infrastructure. Due to the fragility of software and the unexpectedness of runtime functions, this highly complex and irrational dependency poses a great threat to the safe, reliable and stable operation of various enterprises. Therefore, there is an urgent need to propose the acquisition of software behavior feature patterns based on the running state of the software system, so as to effectively improve th...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56
CPCG06F21/566G06F2221/033
Inventor 徐东姬少培孟宇龙张子迎张朦朦王磊罗年磊
Owner HARBIN ENG UNIV