Intrusion detection method for program vulnerability via library calls


Library function call sequence is the direct reflection of a program’s behavior. The relationship between program vulnerability and library calls is analyzed, and an intrusion detection method via library calls is proposed, in which the short sequences of library call are used as signature profile. In this intrusion detection method, library interposition is used to hook library calls, and with the discussion of the features of the library call sequence in detail, an algorithm based on information-theory is applied to determine the appropriate length of the library call sequence. Experiments show good performance of our method against intrusions caused by the popular program vulnerabilities.

DOI: 10.1007/s11859-006-0237-4

4 Figures and Tables

Cite this paper

@article{Duan2006IntrusionDM, title={Intrusion detection method for program vulnerability via library calls}, author={Xuetao Duan and Anming Zhong and Ying Li and Chunfu Jia}, journal={Wuhan University Journal of Natural Sciences}, year={2006}, volume={12}, pages={126-130} }