Computer Science (计算机科学), 2010
Enhanced Approach to Anomalous Program Behaviors Detection
Abstract:
Anomaly detection is an important method for protecting programs. Traditionally, a program is protected by monitoring its system calls, but the invoked address is often ignored. This paper presents a new audit event, named L-Call, to describe program behavior; it is in essence a system call together with its invoked address. A Chebyshev inequality-based method is also presented to evaluate the deviation of program behavior from normal. The deviation degree, which we name the anomaly degree, is based on the likelihoo...