Multi-Pattern Matching Based Dynamic Malware Detection in Smart Phones
Published in Krzysztof Iniewski, Santosh K. Kurinec, Sumeet Walia, Energy Efficient Computing & Electronics, 2019
V. S. Devi, S. Roopak, Tony Thomas, Md. Meraj Uddin
System calls are the direct entry points into the kernel: a program requests a service from the kernel by issuing one. On Linux they form the interface between user applications and kernel services, and they let a user-level process have privileged work done that it could not perform on its own. On a system call the processor switches to kernel mode, the operating system carries out the requested service on behalf of the user-level process, and control returns to user mode. System calls cover file operations such as open, read, and write; network operations such as connect, send, and receive; and process operations such as creating a new process or killing one. Because a system call trace records an application's every interaction with the kernel, it captures much of the application's behaviour, which is why system call traces are widely used in anomaly detection. The list of common Linux system calls is given in Table 15.1.
S
Published in Phillip A. Laplante, Dictionary of Computer Science, Engineering, and Technology, 2017
software interrupt a machine instruction that initiates an interrupt function. Software interrupts are often used for system calls because they can be executed from anywhere in memory and the processor provides the necessary return-address handling. Also known as a Supervisor Call instruction (SVC) (IBM mainframes) or INT instruction (Intel x86).
Insider Intrusion Detection Techniques: A State-of-the-Art Review
Published in Journal of Computer Information Systems, 2023
System call-based anomaly detection using finite state machines for pattern matching started gaining traction, and the technique was improved by using the program counter [15], a sliding window technique [16] and a TF-IDF statistical model [17]. The technique was found to detect mimicry attacks successfully when combined with a Bayesian model [18]. Besides system call sequences, host-based attributes such as Unix commands, operating system commands, process data, and file and operating system attributes are also used to build naïve user profiles, applying techniques such as the Hellinger distance metric [19], a fuzzy approach [20], signature-based ITPSL (Insider Threat Specification Language) expressions [21] and fault tree analysis [22].
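The two excerpts above both rest on the same mechanism: a system call trace is reduced to its call names, a sliding window turns the sequence into n-grams, and a trace is judged anomalous when too many of its n-grams never occurred during normal operation. The block below is an added example of that sliding-window technique, written for this page and not taken from either publication. The traces are constructed strace-style output (the regex assumes plain strace lines with no pid prefixes or timestamps), and the window width and threshold are tuning assumptions.

```python
"""Sliding-window (n-gram) anomaly detection over system-call traces.

Added example: the traces below are constructed strace-style output, not data or
code from the cited papers. A profile of the n-grams seen in normal runs is built
first; a new trace is then scored by the share of its n-grams that never appeared
in that profile."""
import re

# Leading syscall name of an strace line such as
#   openat(AT_FDCWD, "/etc/app.conf", O_RDONLY) = 3
# Assumption: plain strace output without -f pid prefixes or timestamps.
SYSCALL_RE = re.compile(r"^([a-z_][a-z0-9_]*)\(")


def parse_trace(text):
    """Return the ordered syscall names; signal and '+++ exited' lines are skipped."""
    return [m.group(1) for m in map(SYSCALL_RE.match, text.splitlines()) if m]


def ngrams(seq, n):
    """Sliding window of width n over the call sequence."""
    return [tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)]


def build_profile(normal_traces, n=3):
    """Set of every n-gram observed while the program behaved normally."""
    profile = set()
    for trace in normal_traces:
        profile.update(ngrams(parse_trace(trace), n))
    return profile


def score_trace(trace_text, profile, n=3):
    """Fraction of the trace's n-grams absent from the profile (0.0 = fully normal)."""
    grams = ngrams(parse_trace(trace_text), n)
    if not grams:
        return 0.0
    unseen = sum(1 for g in grams if g not in profile)
    return unseen / len(grams)


def is_anomalous(trace_text, profile, n=3, threshold=0.2):
    """Threshold is an assumption; a deployment calibrates it on held-out normal traces."""
    return score_trace(trace_text, profile, n) > threshold


# Constructed normal runs: the program reads its config and writes a result.
NORMAL_TRACE_1 = """\
execve("/usr/bin/app", ["app"], 0x7ffd /* 12 vars */) = 0
brk(NULL) = 0x5555d000
openat(AT_FDCWD, "/etc/app.conf", O_RDONLY) = 3
read(3, "mode=fast\\n", 4096) = 10
close(3) = 0
write(1, "ok\\n", 3) = 3
exit_group(0) = ?
+++ exited with 0 +++
"""

NORMAL_TRACE_2 = """\
execve("/usr/bin/app", ["app"], 0x7ffc /* 12 vars */) = 0
brk(NULL) = 0x5555d000
openat(AT_FDCWD, "/etc/app.conf", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=20, ...}) = 0
read(3, "mode=fast\\nlog=1\\n", 4096) = 16
read(3, "", 4096) = 0
close(3) = 0
write(1, "ok\\n", 3) = 3
exit_group(0) = ?
+++ exited with 0 +++
"""

# Constructed anomalous run: same prologue, then a sensitive file is shipped off-host.
ATTACK_TRACE = """\
execve("/usr/bin/app", ["app"], 0x7ffe /* 12 vars */) = 0
brk(NULL) = 0x5555d000
openat(AT_FDCWD, "/etc/shadow", O_RDONLY) = 3
read(3, "root:$6$...", 4096) = 1024
close(3) = 0
socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(4444), sin_addr=inet_addr("203.0.113.10")}, 16) = 0
sendto(4, "root:$6$...", 1024, 0, NULL, 0) = 1024
close(4) = 0
exit_group(0) = ?
+++ exited with 0 +++
"""

PROFILE = build_profile([NORMAL_TRACE_1, NORMAL_TRACE_2])

if __name__ == "__main__":
    for label, trace in (("normal", NORMAL_TRACE_1), ("attack", ATTACK_TRACE)):
        print(f"{label}: unseen 3-gram ratio = {score_trace(trace, PROFILE):.3f}")
```

With a window of three, the attack trace shares only its first three n-grams with the profile and scores 0.625, while both normal runs score 0.0. The weakness the review excerpt points at is visible here too: an attacker who interleaves the socket, connect and sendto calls with calls copied from the normal profile (a mimicry attack) can drive the unseen ratio under any fixed threshold, which is why the cited work pairs the sliding window with a probabilistic model rather than relying on set membership alone.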
A mathematical multi-dimensional mechanism to improve process migration efficiency in peer-to-peer computing environments
Published in Cogent Engineering, 2018
Ehsan Mousavi Khaneghah, Reyhaneh Noorabad Ghahroodi, Amirhosein Reyhani ShowkatAbad
The concept of usage differs between the process migration management viewpoint and the load balancer viewpoint. From the load balancer viewpoint, the usage of a global process is its consumption of central processing unit time (or of network bandwidth or memory allocation). From the process migration management viewpoint, usage refers to the memory pages modified on the source machine; in that viewpoint it also covers the network bandwidth, the central processing unit allocation on the source machine, and the execution of system calls on the destination machine. When a global process begins to modify a memory page on the source machine, it is therefore consuming the destination processor, the source processor, and the network bandwidth at the same time.
FloVasion: Towards Detection of non-sensitive Variable Based Evasive Information-Flow in Android Apps
Published in IETE Journal of Research, 2022
Bharat Buddhadev, Parvez Faruki, Manoj Singh Gaur, Shubham Kharche, Akka Zemmari
The alerted user may then choose to refuse access to the external API and so prevent the sensitive information leakage [52]. Zheng et al. [31] proposed DroidTrace, an Android dynamic analysis system that allows analysts to perform a systematic analysis of dynamic payloads with malicious behaviours. The approach uses ptrace, the Linux process-tracing system call, to monitor apps and detect malicious ones through its dynamic forwarding capability. DroidTrace classifies native payloads by their system call sequences, exposing low-level actions such as file access, network activity, and inter-process communication.
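The classification step described for DroidTrace, reduced to its essentials as an added example (this is illustrative code written for this page, not DroidTrace's implementation): each call in the sequence is mapped to a behaviour category (file, network, IPC, process), and the sequence is then checked for the flow the excerpt is concerned with, data read from a sensitive path that is later sent on a socket. The trace is constructed by hand in the shape a ptrace-based tracer would deliver, as (syscall name, decoded arguments, return value) tuples; the category tables and the sensitive-path watch list are assumptions for the example.

```python
"""Classify a native payload's behaviour from its system-call sequence and flag
sensitive data that flows from a file read to a network socket.

Added example, not DroidTrace's code. The trace is constructed by hand in the shape
a ptrace-based tracer would deliver: (syscall name, decoded arguments, return value)."""
from collections import Counter

# Category tables are an assumption for this example; extend per target kernel/ABI.
FILE_CALLS = {"open", "openat", "read", "pread64", "write", "close", "fstat", "stat", "unlink", "rename"}
NET_CALLS = {"socket", "connect", "bind", "listen", "accept", "accept4",
             "send", "sendto", "sendmsg", "recv", "recvfrom", "recvmsg"}
IPC_CALLS = {"pipe", "pipe2", "socketpair", "ioctl", "shmget", "msgget"}  # Android Binder IPC runs over ioctl() on /dev/binder
PROC_CALLS = {"fork", "vfork", "clone", "execve", "kill", "ptrace"}

# Hypothetical watch list of path prefixes whose contents count as sensitive.
SENSITIVE_PREFIXES = ("/data/data/", "/proc/", "/data/misc/")


def categorize(name):
    for category, calls in (("file", FILE_CALLS), ("network", NET_CALLS),
                            ("ipc", IPC_CALLS), ("process", PROC_CALLS)):
        if name in calls:
            return category
    return "other"


def summarize(trace):
    """Count of calls per behaviour category."""
    return Counter(categorize(name) for name, _args, _ret in trace)


def detect_leaks(trace, sensitive_prefixes=SENSITIVE_PREFIXES):
    """Flag sends on a socket that happen after data was read from a sensitive path.

    Descriptors are tracked through open()/socket()/close() so a reused fd number is
    not mistaken for the earlier object. Taint is kept after the file is closed
    because the data is already in the process's memory."""
    open_files = {}   # fd -> path
    sockets = set()   # fds created by socket()/accept()
    peers = {}        # socket fd -> connect() target
    tainted = []      # sensitive paths whose contents were read
    findings = []
    for name, args, ret in trace:
        if name in ("open", "openat") and ret is not None and ret >= 0:
            open_files[ret] = args[1] if name == "openat" else args[0]
        elif name in ("socket", "accept", "accept4") and ret is not None and ret >= 0:
            sockets.add(ret)
        elif name == "connect":
            peers[args[0]] = args[1]
        elif name in ("read", "pread64") and args[0] in open_files:
            path = open_files[args[0]]
            if path.startswith(sensitive_prefixes) and path not in tainted:
                tainted.append(path)
        elif name in ("write", "send", "sendto", "sendmsg") and args[0] in sockets and tainted:
            findings.append({"socket_fd": args[0], "peer": peers.get(args[0]),
                             "via": name, "paths": list(tainted)})
        elif name == "close":
            open_files.pop(args[0], None)
            sockets.discard(args[0])
            peers.pop(args[0], None)
    return findings


# Constructed trace: the payload opens Binder, reads the app's credentials file,
# appends a log line (fd 4 is reused for an unrelated file), then pushes the
# credentials to a remote host.
TRACE = [
    ("openat", ("AT_FDCWD", "/dev/binder", "O_RDWR|O_CLOEXEC"), 3),
    ("ioctl", (3, "BINDER_VERSION"), 0),
    ("openat", ("AT_FDCWD", "/data/data/com.example.app/shared_prefs/creds.xml", "O_RDONLY"), 4),
    ("read", (4, 512), 211),
    ("close", (4,), 0),
    ("openat", ("AT_FDCWD", "/data/local/tmp/app.log", "O_WRONLY|O_APPEND"), 4),
    ("write", (4, 17), 17),
    ("close", (4,), 0),
    ("socket", ("AF_INET", "SOCK_STREAM", "IPPROTO_TCP"), 5),
    ("connect", (5, "203.0.113.10:443"), 0),
    ("sendto", (5, 211), 211),
    ("close", (5,), 0),
    ("exit_group", (0,), None),
]

if __name__ == "__main__":
    print(dict(summarize(TRACE)))
    for finding in detect_leaks(TRACE):
        print("leak:", finding)
```

The write on the reused descriptor 4 is not reported, because by then fd 4 names an ordinary log file rather than a socket; the sendto on fd 5 is, because the credentials file was read earlier in the same process. This is a coarse, sequence-level check: it says that sensitive data was read and that something was sent, not that the bytes sent are the bytes read, which is exactly the gap the information-flow tracking discussed on this page is meant to close.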