Action control method based on LSM programme

A program behavior control technology, applied to security server equipment, that addresses the low detection efficiency, high false alarm rate and oversized pattern library of existing approaches, achieving high detection efficiency and a low false alarm rate.

Inactive Publication Date: 2005-08-03
PLA UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

[0005] The present invention mainly addresses the problem that, in existing program behavior control technology on security server equipment, which models program behavior with system call sequences, the normal behavior pattern library is too large, detection efficiency is low, and the false alarm rate is high. It provides a program behavior control method that uses LSM interception points as the data source for program behavior modeling, to help improve the ability of security server devices to identify abnormal program behavior.

Examples


Embodiment Construction

[0012] As shown in Figure 1, after the user starts the monitoring program of the security server device used as an Internet server, the program to be monitored is set manually as required. After obtaining the intercepted data of the monitored program, the security server hands it to the identification mechanism for processing. Usually, the intercepted data is compared with the normal behavior pattern database of the monitored program, and any necessary exception handling is performed; if the behavior is normal, monitoring continues. In the prior art, the library of normal behavior patterns for monitored programs is large.

[0013] The method of the invention is shown in Figure 2. Step 10 is the initial action. In step 11, the security server device obtains the LSM interception point data and generates an LSM interception point sequence with a length equal to 10. The data sequence is obtained by the specially designed processing method of the present invent...


Abstract

The program behavior control method using LSM interception points includes the following steps: intercepting the LSM control point information that the monitored program passes through to create an LSM interception point sequence of length 10; comparing the created sequence with the existing sequences in the normal behavior pattern library and adding it to the library when no matching sequence is found; beginning to monitor the designated program; intercepting the LSM control point information that the monitored program passes through; and comparing the created sequence with the existing sequences in the normal behavior pattern library, sending an alarm to the system if no matching sequence is found. The present invention can improve the ability of security server equipment to identify abnormal programs.
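The learning and monitoring phases described in the abstract, as an added user-space sketch in C (not code from the patent). The numeric IDs for the interception points, the two traces and the library capacity are assumptions constructed for illustration; a real implementation would record the IDs from inside the LSM hook functions.

```c
#include <stdio.h>
#include <string.h>

#define WIN 10        /* sequence length given in the abstract */
#define MAX_SEQS 256  /* assumed capacity of the normal-behavior library */

/* Constructed numbering for LSM interception points; not from the patent. */
enum { INODE_PERMISSION = 1, FILE_PERMISSION, SOCKET_SENDMSG, BPRM_CHECK };

static int lib[MAX_SEQS][WIN];
static int lib_count;

/* Constructed traces: a server loop, and the same loop with one unexpected exec check. */
const int normal_trace[14]  = {1,2,3,2,3,2,3,1,2,3,2,3,2,3};
const int deviant_trace[14] = {1,2,3,2,3,2,3,1,2,BPRM_CHECK,2,3,2,3};

static int lib_find(const int *seq) {
    for (int i = 0; i < lib_count; i++)
        if (memcmp(lib[i], seq, sizeof lib[i]) == 0) return 1;
    return 0;
}

/* Learning phase: add every unseen length-WIN window; returns how many were added. */
int train(const int *trace, int n) {
    int added = 0;
    for (int i = 0; i + WIN <= n; i++)
        if (!lib_find(trace + i) && lib_count < MAX_SEQS) {
            memcpy(lib[lib_count++], trace + i, sizeof lib[0]);
            added++;
        }
    return added;
}

/* Monitoring phase: count windows with no match; each would raise an alarm. */
int monitor(const int *trace, int n) {
    int alarms = 0;
    for (int i = 0; i + WIN <= n; i++)
        if (!lib_find(trace + i)) alarms++;
    return alarms;
}

int main(void) {
    printf("learned %d sequences\n", train(normal_trace, 14));
    printf("alarms on normal trace:  %d\n", monitor(normal_trace, 14));
    printf("alarms on deviant trace: %d\n", monitor(deviant_trace, 14));
    return 0;
}
```

A single unexpected interception point invalidates every window that contains it, so one deviation can raise up to 10 alarms.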

Description

1. Technical field

[0001] The invention relates to a security server device used as an Internet server, in particular to a method for controlling program behavior in the security server.

2. Background technology

[0002] With the gradual deepening of social informatization and networking, the security of information systems has become more and more important. More and more Internet servers (such as Web servers, FTP servers, Email servers, DNS servers) begin to run on security server equipment. In traditional security servers, security control is mainly implemented through access control. But there are still many problems in this security control mechanism, so the program behavior control technology appears. The basic principle of program behavior control is to judge whether the system is maliciously used by users according to the normal degree of program behavior or resource usage. It generally models the behavior of the program and monitors whether its behavior conforms ...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F11/30
Inventor: 张衡, 吴礼发
Owner: PLA UNIV OF SCI & TECH