
Paper Abstract

Model of Concurrent Behavior Detection Based on Process Algebra

Authors: Ma Chuan (College of Information Science and Engineering, Yanshan University); Wang Tao (College of Information Science and Engineering, Yanshan University; Hebei Normal University of Science and Technology); Shen Limin (College of Information Science and Engineering, Yanshan University)

Received: 2013-06-20          Year, Volume(Issue), Pages: 2014, 46(1): 35-40

Journal Name: Advanced Engineering Sciences

Key words: intrusion detection; concurrent behavior; static analysis; process algebra; system call

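Funding: National Natural Science Foundation of China (61272125); Specialized Research Fund for the Doctoral Program of Higher Education of the Ministry of Education (20121333110014); Natural Science Foundation of Hebei Province (F2011203234)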

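Chinese Abstract

To address the difficulty of describing and detecting concurrent behavior, process algebra is introduced to analyze system call sequences, and a model for describing and detecting concurrent behavior is proposed. First, the control flow graph of the system is obtained by static analysis of the binary code, and the graph is analyzed to generate process expressions. Next, the expressions are rewritten according to the mutual exclusion and synchronization relations of concurrent behaviors, adding concurrent operations to them. Then, by extending the properties and operation rules of process algebra, three basic elements (action, operator and process) are constructed, and the model is built from them. Finally, a method for detecting concurrent behavior is given, and the time and space efficiency of the model is analyzed and verified. Theoretical analysis and experiments show that the proposed method has linear time and space complexity.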

English Abstract

By introducing process algebra to analyze system call sequences, a model for describing and detecting concurrent behavior is presented. First, control flow graphs (CFGs) of the system are generated by static analysis of binary code. Second, process expressions are generated by analyzing the CFGs. Then, according to the synchronization and mutual exclusion of concurrent behaviors, the process expressions are rewritten by adding concurrent operations. By extending algebraic properties and algorithms, three basic elements (action, operator and process) are constructed. Finally, the CBDPA model is constructed and concurrent behavior detection methods are given. Experiments demonstrate that this method has linear space-time complexity.
