journal article Open Access Feb 17, 2024

Program Behavior Dynamic Trust Measurement and Evaluation Based on Data Analysis

Symmetry Vol. 16 No. 2 pp. 249 · MDPI AG
DOI: 10.3390/sym16020249
Abstract
Industrial control terminals play an important role in industrial control scenarios. Because of the special nature of industrial control networks, industrial control terminal systems are vulnerable to malicious attacks, which can seriously threaten the stability and security of industrial production environments. Traditional security protection methods for industrial control terminals have coarse detection granularity, cannot effectively detect and prevent attacks, and lack real-time responsiveness to attack events. This paper therefore proposes a real-time dynamic credibility evaluation mechanism based on program behavior, which integrates the matching and symmetry ideas of credibility evaluation. By performing a real-time dynamic credibility evaluation of the function call sequences and system call sequences produced during program execution, the credibility of the behavior of an industrial control terminal application can be judged. To address the problem that the system calls generated during program execution are unstable and difficult to measure, this paper proposes a partition-based dynamic credibility evaluation method that divides runtime program behavior into function call behavior and system call behavior within function intervals. For function call behavior, a sliding window-based method for constructing a function call sequence benchmark library is proposed; real-time measurement results are matched and evaluated against the benchmark library, thereby achieving symmetry between the benchmark library and the measured data. For system call behavior, a maximum entropy system call model is constructed and used to evaluate the credibility of system call sequences. Experimental results demonstrate that our method outperforms existing methods in both detection success rate and detection speed.

Metrics
Citations: 1
References: 33
Details
Published: Feb 17, 2024
Vol/Issue: 16(2)
Pages: 249
Funding
Fundamental Research Funds for the Central Universities Award: 2242022k60005
Purple Mountain Laboratories for Network and Communication Security, and National Science Foundation Award: 2242022k60005
Cite This Article
Shuai Wang, Aiqun Hu, Tao Li, et al. (2024). Program Behavior Dynamic Trust Measurement and Evaluation Based on Data Analysis. Symmetry, 16(2), 249. https://doi.org/10.3390/sym16020249