Task-based behavior detection of illegal codes

Lansheng Han; Cai Fu; Deqing Zou; Chang Hoon Lee; Wenjing Jia

doi:10.1016/j.mcm.2011.01.052

Task-based behavior detection of illegal codes

Lansheng Han, Cai Fu, Deqing Zou, Chang Hoon Lee, Wenjing Jia

Dept. of Computer Science and Engineering

Research output: Contribution to journal › Article › peer-review

4 Scopus citations

Abstract

Detecting unseen illegal codes is always a challenging task. As the main action to deal with this problem, the behavior detection is unsatisfactory in both effectiveness and efficiency. This paper proposes task-based behavior detection (TBBD) which detects new illegal codes based on the user's task instead of only on the software behavior. First, the paper proposes three prerequisites of TBBD and four judgment rules, i.e., resource abnormal rule, relation abnormal rule, space abnormal rule and time abnormal rule. Then, by analyzing the effectiveness and comparison of the four judgment rules, we present an explicit judgment process of TBBD. Finally, the paper carries on the experiments. The test result verifies the validity and feasibility of TBBD.

Original language	English
Pages (from-to)	80-86
Number of pages	7
Journal	Mathematical and Computer Modelling
Volume	55
Issue number	1-2
DOIs	https://doi.org/10.1016/j.mcm.2011.01.052
State	Published - Jan 2012

Keywords

Computer security
Illegal codes
Malicious codes
Task-based behavior detection

Access to Document

10.1016/j.mcm.2011.01.052

Cite this

@article{c620fbc4d32b4251b075b401489b60ad,

title = "Task-based behavior detection of illegal codes",

abstract = "Detecting unseen illegal codes is always a challenging task. As the main action to deal with this problem, the behavior detection is unsatisfactory in both effectiveness and efficiency. This paper proposes task-based behavior detection (TBBD) which detects new illegal codes based on the user's task instead of only on the software behavior. First, the paper proposes three prerequisites of TBBD and four judgment rules, i.e., resource abnormal rule, relation abnormal rule, space abnormal rule and time abnormal rule. Then, by analyzing the effectiveness and comparison of the four judgment rules, we present an explicit judgment process of TBBD. Finally, the paper carries on the experiments. The test result verifies the validity and feasibility of TBBD.",

keywords = "Computer security, Illegal codes, Malicious codes, Task-based behavior detection",

author = "Lansheng Han and Cai Fu and Deqing Zou and Lee, \{Chang Hoon\} and Wenjing Jia",

year = "2012",

month = jan,

doi = "10.1016/j.mcm.2011.01.052",

language = "English",

volume = "55",

pages = "80--86",

journal = "Mathematical and Computer Modelling",

issn = "0895-7177",

number = "1-2",

}

TY - JOUR

T1 - Task-based behavior detection of illegal codes

AU - Han, Lansheng

AU - Fu, Cai

AU - Zou, Deqing

AU - Lee, Chang Hoon

AU - Jia, Wenjing

PY - 2012/1

Y1 - 2012/1

N2 - Detecting unseen illegal codes is always a challenging task. As the main action to deal with this problem, the behavior detection is unsatisfactory in both effectiveness and efficiency. This paper proposes task-based behavior detection (TBBD) which detects new illegal codes based on the user's task instead of only on the software behavior. First, the paper proposes three prerequisites of TBBD and four judgment rules, i.e., resource abnormal rule, relation abnormal rule, space abnormal rule and time abnormal rule. Then, by analyzing the effectiveness and comparison of the four judgment rules, we present an explicit judgment process of TBBD. Finally, the paper carries on the experiments. The test result verifies the validity and feasibility of TBBD.

AB - Detecting unseen illegal codes is always a challenging task. As the main action to deal with this problem, the behavior detection is unsatisfactory in both effectiveness and efficiency. This paper proposes task-based behavior detection (TBBD) which detects new illegal codes based on the user's task instead of only on the software behavior. First, the paper proposes three prerequisites of TBBD and four judgment rules, i.e., resource abnormal rule, relation abnormal rule, space abnormal rule and time abnormal rule. Then, by analyzing the effectiveness and comparison of the four judgment rules, we present an explicit judgment process of TBBD. Finally, the paper carries on the experiments. The test result verifies the validity and feasibility of TBBD.

KW - Computer security

KW - Illegal codes

KW - Malicious codes

KW - Task-based behavior detection

UR - https://www.scopus.com/pages/publications/82755194886

U2 - 10.1016/j.mcm.2011.01.052

DO - 10.1016/j.mcm.2011.01.052

M3 - Article

AN - SCOPUS:82755194886

SN - 0895-7177

VL - 55

SP - 80

EP - 86

JO - Mathematical and Computer Modelling

JF - Mathematical and Computer Modelling

IS - 1-2

ER -

Task-based behavior detection of illegal codes

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this