ISSN : 1796-203X
Volume : 4    Issue : 11    Date : November 2009

Detection and Classification of Non-self Based on System Call Related to Security
Jimin Li, Zhen Li, and Kunlun Li
Page(s): 1117-1124

Based on the immune mechanism, we present a computer system security model for detecting and
classifying non-self. The model overcomes several drawbacks of traditional computer immune systems
based on system calls: the large number of system calls intercepted, the loss of useful information
caused by ignoring the arguments of system calls, the distinction between self and non-self by rule
matching alone, etc. Building on the definitions of security-related system calls and
security-related events, we introduce a process of rule-based non-self detection and
classification, in which a Sandbox further distinguishes processes of unknown type. We resolve the
problems of traditional sandbox systems: the unreliability and insecurity of the process and the
incomplete display of process behavior caused by denying the execution of a system call.
Experimental results verify the effectiveness of distinguishing non-self and its class based on
security-related system calls, and show that our model can detect, in the Sandbox, non-self whose
type is unknown to rule matching, without imposing a heavy performance impact on the operating system.

Index Terms
system call, computer immune, detection of non-self, classification, sandbox