Identification of Programs Based on the Behavior
The algorithm of pattern mining from sequences of system calls is described. Patterns are used for process identification or establishing the fact that some sequence of system calls was produced by the process which was used in pattern extraction. Existing algorithms are computationaly more complex...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Yaroslavl State University
2014-12-01
|
| Series: | Моделирование и анализ информационных систем |
| Subjects: | |
| Online Access: | https://www.mais-journal.ru/jour/article/view/76 |
| _version_ | 1797877892029349888 |
|---|---|
| author | M. V. Baklanovsky A. R. Khanov |
| author_facet | M. V. Baklanovsky A. R. Khanov |
| author_sort | M. V. Baklanovsky |
| collection | DOAJ |
| description | The algorithm of pattern mining from sequences of system calls is described. Patterns are used for process identification or establishing the fact that some sequence of system calls was produced by the process which was used in pattern extraction. Existing algorithms are computationaly more complex or reveals high false positive runs in experiments in comparision with an automaton building algorithm. Our algorithm is less complex and more precise in comparision with the classical N-gram algorithm. Performance tests reveal that our kernel monitor does not significatly slow down the processing of the operating system. After 20 minutes of learning the algorithm is able to identify any thread of any process with 85% precision. Program identification based on behavior is used for anomaly detection of malicious activities in system. |
| first_indexed | 2024-04-10T02:25:11Z |
| format | Article |
| id | doaj.art-a3b6a31cdd9f40d2ba894bdc1ac56731 |
| institution | Directory Open Access Journal |
| issn | 1818-1015 2313-5417 |
| language | English |
| last_indexed | 2024-04-10T02:25:11Z |
| publishDate | 2014-12-01 |
| publisher | Yaroslavl State University |
| record_format | Article |
| series | Моделирование и анализ информационных систем |
| spelling | doaj.art-a3b6a31cdd9f40d2ba894bdc1ac567312023-03-13T08:07:33ZengYaroslavl State UniversityМоделирование и анализ информационных систем1818-10152313-54172014-12-0121612013010.18255/1818-1015-2014-6-120-13070Identification of Programs Based on the BehaviorM. V. Baklanovsky0A. R. Khanov1Санкт-Петербургский государственный университетСанкт-Петербургский государственный университетThe algorithm of pattern mining from sequences of system calls is described. Patterns are used for process identification or establishing the fact that some sequence of system calls was produced by the process which was used in pattern extraction. Existing algorithms are computationaly more complex or reveals high false positive runs in experiments in comparision with an automaton building algorithm. Our algorithm is less complex and more precise in comparision with the classical N-gram algorithm. Performance tests reveal that our kernel monitor does not significatly slow down the processing of the operating system. After 20 minutes of learning the algorithm is able to identify any thread of any process with 85% precision. Program identification based on behavior is used for anomaly detection of malicious activities in system.https://www.mais-journal.ru/jour/article/view/76поведенческий анализаномальное обнаружениевыделение шаблонов |
| spellingShingle | M. V. Baklanovsky A. R. Khanov Identification of Programs Based on the Behavior Моделирование и анализ информационных систем поведенческий анализ аномальное обнаружение выделение шаблонов |
| title | Identification of Programs Based on the Behavior |
| title_full | Identification of Programs Based on the Behavior |
| title_fullStr | Identification of Programs Based on the Behavior |
| title_full_unstemmed | Identification of Programs Based on the Behavior |
| title_short | Identification of Programs Based on the Behavior |
| title_sort | identification of programs based on the behavior |
| topic | поведенческий анализ аномальное обнаружение выделение шаблонов |
| url | https://www.mais-journal.ru/jour/article/view/76 |
| work_keys_str_mv | AT mvbaklanovsky identificationofprogramsbasedonthebehavior AT arkhanov identificationofprogramsbasedonthebehavior |