A Novel Anomaly Detection Approach for Executable Program Security

Author

Pan, Wei ; Li, Weihua ; Zhao, Wanxin

Author_Institution

Sch. of Comput. Sci., Northwestern Polytech. Univ., Xi´´an, China

Volume

1

fYear

2009

fDate

18-20 Nov. 2009

Firstpage

422

Lastpage

426

Abstract

Anomaly detection of executable program is a security detection solution that examines whether security violation issues exist in programs. The paper presents a novel anomaly detection approach for executable program security (ADEPS), which monitors program executions and detects anomalous program behaviors. Through reverse analysis of executable program, critical behavior monitoring points can be extracted from binary code sequences and memory space. A hybrid neural network model is proposed to detect abnormal attacks and classify detected attacks from actual program behaviors. The experimental results demonstrate that the proposed approach can effectively and accurately perform anomaly detection.

Keywords

neural nets; security of data; anomaly detection approach; binary code sequences; critical behavior monitoring points; executable program security; hybrid neural network model; memory space; security detection solution; security violation; Binary codes; Computer science; Computer security; Data mining; Information security; Libraries; Monitoring; Neural networks; Radial basis function networks; Runtime; anomaly detection; executable program; neural network; reverse analysis;

fLanguage

English

Publisher

ieee

Conference_Titel

Multimedia Information Networking and Security, 2009. MINES '09. International Conference on

Conference_Location

Hubei

Print_ISBN

978-0-7695-3843-3

Electronic_ISBN

978-1-4244-5068-8

Type

conf

DOI

10.1109/MINES.2009.159

Filename

5371023