• DocumentCode
    2941447
  • Title

    A Novel Anomaly Detection Approach for Executable Program Security

  • Author

    Pan, Wei ; Li, Weihua ; Zhao, Wanxin

  • Author_Institution
    Sch. of Comput. Sci., Northwestern Polytech. Univ., Xi'an, China
  • Volume
    1
  • fYear
    2009
  • fDate
    18-20 Nov. 2009
  • Firstpage
    422
  • Lastpage
    426
  • Abstract
    Anomaly detection of executable programs is a security detection solution that examines whether security violation issues exist in programs. The paper presents a novel anomaly detection approach for executable program security (ADEPS), which monitors program executions and detects anomalous program behaviors. Through reverse analysis of an executable program, critical behavior monitoring points can be extracted from binary code sequences and memory space. A hybrid neural network model is proposed to detect abnormal attacks and classify detected attacks from actual program behaviors. The experimental results demonstrate that the proposed approach can effectively and accurately perform anomaly detection.
  • Keywords
    neural nets; security of data; anomaly detection approach; binary code sequences; critical behavior monitoring points; executable program security; hybrid neural network model; memory space; security detection solution; security violation; Binary codes; Computer science; Computer security; Data mining; Information security; Libraries; Monitoring; Neural networks; Radial basis function networks; Runtime; anomaly detection; executable program; neural network; reverse analysis;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Multimedia Information Networking and Security, 2009. MINES '09. International Conference on
  • Conference_Location
    Hubei
  • Print_ISBN
    978-0-7695-3843-3
  • Electronic_ISBN
    978-1-4244-5068-8
  • Type

    conf

  • DOI
    10.1109/MINES.2009.159
  • Filename
    5371023