Model-based intrusion detection by abstract interpretation

Jingyu Hua; Takashi Nishide; Kouichi Sakurai

doi:10.1109/SAINT.2010.107

Model-based intrusion detection by abstract interpretation

Jingyu Hua, Takashi Nishide, Kouichi Sakurai

Mathematical Informatics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Model-based intrusion detection works by comparing a process's runtime behavior with a pre-computed normal program model. This paper studies this technology from the viewpoint of abstract interpretation theory. We regard different program behavior models used to perform intrusion detection as different abstractions of the concrete trace semantics of programs. Based on this point, we formally define model-based intrusion detection and present a generic generation algorithm for program models on a provided abstraction domain. Eventually, we discuss how to use this mechanism to implement a real intrusion detection model proposed by us before.

Original language	English
Title of host publication	Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010
Pages	359-362
Number of pages	4
DOIs	https://doi.org/10.1109/SAINT.2010.107
Publication status	Published - 2010
Event	2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010 - Seoul, Korea, Republic of Duration: Jul 19 2010 → Jul 23 2010

Publication series

Name	Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010

Other

Other	2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010
Country/Territory	Korea, Republic of
City	Seoul
Period	7/19/10 → 7/23/10

All Science Journal Classification (ASJC) codes

Computer Networks and Communications
Computer Science Applications

Access to Document

10.1109/SAINT.2010.107

Cite this

Hua, J., Nishide, T., & Sakurai, K. (2010). Model-based intrusion detection by abstract interpretation. In Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010 (pp. 359-362). Article 5598041 (Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010). https://doi.org/10.1109/SAINT.2010.107

Model-based intrusion detection by abstract interpretation. / Hua, Jingyu; Nishide, Takashi; Sakurai, Kouichi.
Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010. 2010. p. 359-362 5598041 (Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Hua, J, Nishide, T & Sakurai, K 2010, Model-based intrusion detection by abstract interpretation. in Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010., 5598041, Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010, pp. 359-362, 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010, Seoul, Korea, Republic of, 7/19/10. https://doi.org/10.1109/SAINT.2010.107

@inproceedings{e1c2ba96f98c4f8e997f89821bf8fa75,

title = "Model-based intrusion detection by abstract interpretation",

abstract = "Model-based intrusion detection works by comparing a process's runtime behavior with a pre-computed normal program model. This paper studies this technology from the viewpoint of abstract interpretation theory. We regard different program behavior models used to perform intrusion detection as different abstractions of the concrete trace semantics of programs. Based on this point, we formally define model-based intrusion detection and present a generic generation algorithm for program models on a provided abstraction domain. Eventually, we discuss how to use this mechanism to implement a real intrusion detection model proposed by us before.",

author = "Jingyu Hua and Takashi Nishide and Kouichi Sakurai",

note = "Copyright: Copyright 2010 Elsevier B.V., All rights reserved.; 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010 ; Conference date: 19-07-2010 Through 23-07-2010",

year = "2010",

doi = "10.1109/SAINT.2010.107",

language = "English",

isbn = "9780769541075",

series = "Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010",

pages = "359--362",

booktitle = "Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010",

}

TY - GEN

T1 - Model-based intrusion detection by abstract interpretation

AU - Hua, Jingyu

AU - Nishide, Takashi

AU - Sakurai, Kouichi

PY - 2010

Y1 - 2010

N2 - Model-based intrusion detection works by comparing a process's runtime behavior with a pre-computed normal program model. This paper studies this technology from the viewpoint of abstract interpretation theory. We regard different program behavior models used to perform intrusion detection as different abstractions of the concrete trace semantics of programs. Based on this point, we formally define model-based intrusion detection and present a generic generation algorithm for program models on a provided abstraction domain. Eventually, we discuss how to use this mechanism to implement a real intrusion detection model proposed by us before.

AB - Model-based intrusion detection works by comparing a process's runtime behavior with a pre-computed normal program model. This paper studies this technology from the viewpoint of abstract interpretation theory. We regard different program behavior models used to perform intrusion detection as different abstractions of the concrete trace semantics of programs. Based on this point, we formally define model-based intrusion detection and present a generic generation algorithm for program models on a provided abstraction domain. Eventually, we discuss how to use this mechanism to implement a real intrusion detection model proposed by us before.

UR - http://www.scopus.com/inward/record.url?scp=78649312530&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=78649312530&partnerID=8YFLogxK

U2 - 10.1109/SAINT.2010.107

DO - 10.1109/SAINT.2010.107

M3 - Conference contribution

AN - SCOPUS:78649312530

SN - 9780769541075

T3 - Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010

SP - 359

EP - 362

BT - Proceedings - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010

T2 - 2010 10th Annual International Symposium on Applications and the Internet, SAINT 2010

Y2 - 19 July 2010 through 23 July 2010

ER -

Model-based intrusion detection by abstract interpretation

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this