Volume 4 Number 11 (Nov. 2009)
JCP 2009 Vol.4(11): 1117-1124 ISSN: 1796-203X
doi: 10.4304/jcp.4.11.1117-1124

Detection and Classification of Non-self Based on System Call Related to Security

Jimin Li (1, 2), Zhen Li (2), Kunlun Li (3)
(1) College of Computer Science and Technology, Tianjin University, Tianjin, China
(2) College of Mathematics and Computer, Hebei University, Baoding, China
(3) College of Electronic and Information Engineering, Hebei University, Baoding, China

Abstract—Based on the immune mechanism, we present a computer system security model for detecting and classifying non-self. It overcomes several drawbacks of traditional computer immune systems based on system calls: the large number of system calls intercepted, the loss of useful information caused by ignoring system call arguments, the distinction between self and non-self by rule matching alone, etc. Building on definitions of security-related system calls and security-related events, we describe how non-self is detected and classified by rules, and how a sandbox further distinguishes processes of unknown type. We also resolve a problem of traditional sandbox systems: denying the execution of a system call makes the process unreliable and insecure and leaves its behavior incompletely displayed. Experimental results verify the effectiveness of distinguishing non-self and its class based on security-related system calls, and show that our model can detect, in the sandbox, non-self whose type is unknown to rule matching, without imposing a heavy performance impact on the operating system.

Index Terms—System call, computer immune, detection of non-self, classification, sandbox.

Cite: Jimin Li, Zhen Li, Kunlun Li, "Detection and Classification of Non-self Based on System Call Related to Security," Journal of Computers vol. 4, no. 11, pp. 1117-1124, 2009.

General Information

ISSN: 1796-203X
Abbreviated Title: J.Comput.
Frequency: Bimonthly
Editor-in-Chief: Prof. Liansheng Tan
Executive Editor: Ms. Nina Lee
Abstracting/Indexing: DBLP, EBSCO, ProQuest, INSPEC, ULRICH's Periodicals Directory, WorldCat, etc.
E-mail: jcp@iap.org