| 一种基于资源操作域的主机防护模型 |
| |
| 引用本文: | 周顺先,陈浩文,池鹏.一种基于资源操作域的主机防护模型[J].计算机工程与应用,2006,42(5):152-155. |
| |
| 作者姓名: | 周顺先 陈浩文 池鹏 |
| |
| 作者单位: | 湖南大学软件学院,长沙,410082 |
| |
| 摘 要: | 论文提出了一种基于资源操作域的主机防护模型,该模型抛开了基于网络攻击数据特征码匹配构建主机防护系统的传统思路,从系统资源入手,立足于控制进程行为,力求建立一个授权访问系统资源的进程以及操作方法的最小集合。讨论了该模型的构建和运用方法,包括:通过采样、学习和修正这一反复过程构建目标系统的资源操作域;设置防护检查点、截获系统调用、基于资源操作域的检索和匹配等操作进行行为合法性验证。最后,对该模型进行了性能分析。
|
| 关 键 词: | 主机防护 进程域 资源域 操作集 资源操作域 |
| 文章编号: | 1002-8331-(2006)05-0152-04 |
| 收稿时间: | 2005-06 |
| 修稿时间: | 2005-06 |
A Model for Protecting Host Based on Resource Operation Domain |
| |
| Zhou Shunxian,Chen Haowen,Chi Peng.A Model for Protecting Host Based on Resource Operation Domain[J].Computer Engineering and Applications,2006,42(5):152-155. |
| |
| Authors: | Zhou Shunxian Chen Haowen Chi Peng |
| |
| Affiliation: | Software School of Hunan University, Changsha 410082 |
| |
| Abstract: | In this paper,a model is proposed for protecting host based on Resource Operation Domain.The model discards the traditional thought,which using pattern matching for protecting host based on network attack data.At beginning of system resource,control the process behaviors and construct the least set of authorized system processes and processes operated method for special system resource.Construction and using of the model are discussed thoroughly. The ROD of special system is constructed through an iterated process of sampling,learning and modifying.Setting the protected check point,capturing the special system call,searching and matching the ROD validate the system behaviors. At last,performance of the model is analyzed. |
| |
| Keywords: | host protected process domain resource domain operation set resource operation domain |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
