| 基于非定长系统调用序列的程序行为动态度量方法 |
| |
| 引用本文: | 蔡洪波. 基于非定长系统调用序列的程序行为动态度量方法[J]. 计算机应用研究, 2016, 33(4) |
| |
| 作者姓名: | 蔡洪波 |
| |
| 作者单位: | 数学工程与先进计算国家重点实验室 |
| |
| 基金项目: | 国家自然科学基金资助项目 |
| |
| 摘 要: | 针对目前程序动态度量研究中实时性与准确性较差的问题,提出了一种利用程序行为特征进行度量的方法。 通过筛选程序运行过程中产生的系统调用,依据其关联特性构成非定长系统调用序列作为程序的行为特征;采用后缀树结构设计实时特征度量匹配算法(feature matching with updating suffix tree,FMUS),实现了程序运行过程中的实时特征匹配。 实验表明,该方法具有较高的准确率和低时间耗费比。
|
| 关 键 词: | 动态度量;行为特征;非定长;系统调用序列;后缀树 |
| 收稿时间: | 2015-01-05 |
| 修稿时间: | 2016-02-22 |
Dynamic measurement of program behavior based on variable-length system call sequence |
| |
| CaiHongbo. Dynamic measurement of program behavior based on variable-length system call sequence[J]. Application Research of Computers, 2016, 33(4) |
| |
| Authors: | CaiHongbo |
| |
| Affiliation: | State Key Laboratory of Mathematical Engineering and Advanced Computing |
| |
| Abstract: | Aiming at the problem of poor instantaneity and low accuracy in current study, this paper proposed one kind of measurement method using the program behavior feature. It constituted variable-length system call sequences according to the sifting and relevance analyzing of system calls generated from running program as behavior features. It devised the FMUS algorithm based on suffix tree and achieved the feature matching when program was running. Experiments on the selected samples show that this method has high accuracy and low time expending rate. |
| |
| Keywords: | dynamic measurement behavior feature variable length system call sequence suffix tree |
|
| 点击此处可从《计算机应用研究》浏览原始摘要信息 |
|
点击此处可从《计算机应用研究》下载全文 |
