Model. Anal. Inform. Sist., 2014, Volume 21, Number 6, Pages 120–130 (Mi mais417)  

Identification of programs based on the behavior

M. V. Baklanovsky, A. R. Khanov

Saint Petersburg State University, Saint-Petersburg, Petergof, Universitetskii pr., 28, 198504, Russia

Abstract: We describe an algorithm for mining patterns from sequences of system calls. The patterns are used for process identification, that is, for establishing that a given sequence of system calls was produced by the same process from which the patterns were extracted. Compared with the automaton-building algorithm, existing algorithms are either more computationally complex or show high false-positive rates in experiments. Our algorithm is less complex and more precise than the classical N-gram algorithm. Performance tests show that our kernel monitor does not significantly slow down the operating system. After 20 minutes of learning, the algorithm identifies any thread of any process with 85% precision. Program identification based on behavior is used to detect anomalous (malicious) activity in the system.
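The abstract compares the proposed automaton-building algorithm against the classical N-gram method. The page does not describe the authors' algorithm, so the block below is an added example of the N-gram baseline only, not code from the paper: each process gets a profile (the set of length-N windows seen in its training trace), an unseen trace is attributed to the profile that covers the largest fraction of its windows, and a trace that no profile covers above a threshold is flagged as anomalous. The syscall names, the traces, the window length N=3 and the threshold are all constructed for illustration; the paper does not state the values it used.

```python
"""Classical N-gram baseline for behaviour-based process identification.

Added illustration; not the automaton-building algorithm from the paper.
Profiles are sets of length-N windows over syscall names (arguments
ignored). All traces below are constructed sample data.
"""

N = 3  # window length; an assumption, the abstract gives no value

# Constructed training traces, one per process "learned" by the monitor.
TRAINING = {
    "sshd": [
        "socket", "bind", "listen", "accept", "read", "write", "close",
        "accept", "read", "write", "close", "accept", "read", "write", "close",
    ],
    "editor": [
        "openat", "fstat", "mmap", "read", "read", "write", "fsync", "close",
        "openat", "fstat", "mmap", "read", "write", "fsync", "close",
    ],
}


def ngrams(trace, n=N):
    """Return every length-n window of a trace as a list of tuples."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def build_profiles(training, n=N):
    """Map process name -> set of N-grams observed during learning."""
    return {name: set(ngrams(trace, n)) for name, trace in training.items()}


def coverage(profile, trace, n=N):
    """Fraction of the trace's windows that the profile has seen before."""
    windows = ngrams(trace, n)
    if not windows:
        return 0.0
    return sum(w in profile for w in windows) / len(windows)


def identify(profiles, trace, n=N, threshold=0.5):
    """Attribute a trace to the best-covering profile.

    Returns (process_name, score), or (None, score) when even the best
    profile covers less than `threshold` of the trace, i.e. the behaviour
    matches no learned program and is reported as anomalous.
    """
    scored = {name: coverage(p, trace, n) for name, p in profiles.items()}
    best = max(scored, key=scored.get)
    if scored[best] < threshold:
        return None, scored[best]
    return best, scored[best]


if __name__ == "__main__":
    profiles = build_profiles(TRAINING)
    # A trace matching sshd's accept/read/write/close loop (constructed).
    print(identify(profiles, ["accept", "read", "write", "close",
                              "accept", "read", "write", "close"]))
    # A trace with an execve inside the loop matches no profile (constructed).
    print(identify(profiles, ["accept", "read", "execve", "write", "close"]))
```

The profile is a plain set, so lookup is O(1) per window and identification is linear in the trace length; what the abstract criticises in this baseline is that the set grows with every distinct window and short windows yield false positives, which is the trade-off the automaton approach is said to improve on.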

Keywords: behavior analysis, anomaly detection, pattern mining.

UDC: 519.686.2
Received: 19.09.2014

Citation: M. V. Baklanovsky, A. R. Khanov, “Identification of programs based on the behavior”, Model. Anal. Inform. Sist., 21:6 (2014), 120–130

Citation in format AMSBIB
\Bibitem{BakKha14}
\by M.~V.~Baklanovsky, A.~R.~Khanov
\paper Identification of programs based on the behavior
\jour Model. Anal. Inform. Sist.
\yr 2014
\vol 21
\issue 6
\pages 120--130
\mathnet{http://mi.mathnet.ru/mais417}


Linking options:
  • http://mi.mathnet.ru/eng/mais417
  • http://mi.mathnet.ru/eng/mais/v21/i6/p120

  • Journal: Моделирование и анализ информационных систем (Modeling and Analysis of Information Systems)