Video monitoring equipment attack detection system based on memory behavior characteristics

Abstract

The invention discloses a video monitoring equipment attack detection system based on memory behavior characteristics, and the system comprises a collection module which is used for collecting the memory behavior characteristics of video monitoring equipment, and capturing the frequency of each system call number generated by the system through modifying the system kernel of the video monitoring equipment; the storage module is used for timely and effectively storing the memory behavior characteristics of the video monitoring equipment and storing the access density map of each system call number; the model construction module is used for constructing a memory behavior model of the video monitoring equipment and carrying out dimension reduction processing and clustering processing on the acquired memory characteristic data; the detection and alarm module is used for detecting the current attack behavior of the video monitoring equipment and giving an alarm; and the test module is usedfor simulating attack behaviors of the video monitoring equipment and testing the performance of the detection and alarm module. The system can describe different types of attacks by calling the density map through the system.

Description

technical field [0001] The invention belongs to the field of network security. By associating embedded system memory behavior with specific attack examples, a video surveillance equipment behavior model is constructed, and a video surveillance equipment attack detection system based on memory behavior characteristics is designed and proposed. Background technique [0002] With the continuous development of computer technology and communication technology, video surveillance equipment has been more and more widely used in daily production and life along with new information technology application modes such as "Internet of Things" and "Smart City". As an embedded device, video surveillance equipment has limited internal resources and a harsh operating environment, resulting in a large number of security mechanisms that cannot be used due to the extreme limitations of computing power and system operating conditions (such as delay constraints, inability to stop updates, etc.). ...

AI Technical Summary

Problems solved by technology

[0005] The present invention overcomes the problems of large system overhead, poor real-time performance, and lack of commonality of reference indicators in the existing intrusion detection system for embedded devices. The difference in frequency of call numbers provides an attack detection system that can be used by upgrading the operating system kernel. The video surveillance equipment is used as the prototype system, and the in-system extraction module of memory feature data is used to adopt appropriate dimensionality reduction and aggregation. Class algorithm, providing effective analysis and representation of memory characteristic data, realizing the construction of normal memory behavior model of the system and detection and analysis of abnormal behavior

Images