Abstract: To address the high time overhead of capturing system call context by walking the stack and the inaccuracy of system call argument policies in traditional software behavior models, a software behavior automaton model based on system call and context is proposed. First, data flow information containing system call argument policies is combined with software control flow and used for anomaly detection of software behavior. Second, a new context value approach is proposed for capturing system call context accurately and with low time overhead. Third, system call argument context, based on system call context, is introduced, and system call argument policies are presented that are based on context, which comprises both system call context and system call argument context. The experimental results show that the software behavior automaton model based on system call and context captures system call context accurately with low time overhead, describes system call argument policies precisely, and detects anomalies in software behavior well on the basis of both control flow and data flow.
Keywords: software behavior; automaton; system call; context; system call argument