作　　者： ; ; ;

机构地区： 燕山大学信息科学与工程学院

出　　处： 《四川大学学报（工程科学版）》 2014年第1期35-40,共6页

摘　　要： 针对并发行为难以描述和检测的问题,引入进程代数对系统调用序列进行分析,提出一种描述和检测并发行为的模型。首先通过静态分析二进制码得到系统的控制流程图,并对流程图进行分析生成进程表达式;接着针对并发行为的互斥和同步关系重写表达式,向表达式中添加并发操作;然后通过扩展进程代数的性质和运算法则构造出动作、算子和进程3个基本元素,进而建立了模型;最后给出并发行为检测的方法并对模型的时空效率进行了分析和验证。理论分析和实验表明,所提出的方法具有线性的时间和空间复杂度。 By introducing process algebra to analyze system call sequences, a model of description and detection concurrent behavior was presented. Firstly, control flow graphs of system （CFGs） were generated by static binary code analysis. Secondly, by analyzing CFGs, process expressions were generated. Then according to synchronization and mutex of concurrent behaviors, process expressions were rewritten by adding concurrent operation. By extending algebraic properties and algorithms, three basic elements （ action, operator and process） were constructed. Finally, the CBDPA model was constructed and concurrent behavior detection methods were given. Ex- periments demonstrated that this method has linear space-time complexity.

关 键 词： 入侵检测 并发行为 静态分析 进程代数 系统调用

领　　域： [自动化与计算机技术] [自动化与计算机技术]