991 results for API system calls


Relevance:

100.00%

Publisher:

Abstract:

In this paper we discuss our research in developing a general and systematic method for anomaly detection. The key ideas are to represent normal program behaviour using system call frequencies and to incorporate probabilistic classification techniques to detect anomalies and intrusions. Using experiments on the sendmail system call data, we demonstrate that we can construct concise and accurate classifiers to detect anomalies. We provide an overview of the approach that we have implemented.

Relevance:

100.00%

Publisher:

Abstract:

Fast-spreading unknown viruses have caused major damage to computer systems upon their initial release. Current detection methods have lacked the capability to detect unknown viruses quickly enough to avoid mass spreading and damage. This dissertation presents a behaviour-based approach to detecting known and unknown viruses based on their attempt to replicate. Replication is the qualifying fundamental characteristic of a virus and is consistently present in all viruses, making this approach applicable to viruses belonging to many classes and executing under several conditions. A form of replication called self-reference replication (SR-replication) has been formalized as one main type of replication, which specifically replicates by modifying or creating other files on a system to include the virus itself. This replication type was used to detect viruses attempting replication by referencing themselves, which is a necessary step to successfully replicate into files. The approach does not require a priori knowledge about known viruses. Detection was accomplished at runtime by monitoring currently executing processes attempting to replicate. Two implementation prototypes of the detection approach, called SRRAT, were created and tested on the Microsoft Windows operating systems, focusing on the tracking of user-mode Win32 API system calls and kernel-mode system services. The research results showed the SR-replication approach capable of distinguishing between file-infecting viruses and benign processes with little or no false positives and false negatives.
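The self-reference check the abstract describes can be sketched in user-mode trace terms. The following Python is an added example, not SRRAT or any code from the dissertation: it replays a constructed list of hooked Win32 file-API events (the event shape, the ProcessStart bookkeeping record, the pids, paths and the extension list are all assumptions of this example) and flags a process that reads its own image and afterwards writes to, or copies itself into, a different executable file.

```python
from collections import defaultdict

# Extensions the monitor treats as executable targets: an assumption of this
# example (a real monitor would check file headers, not just names).
EXEC_EXTS = (".exe", ".dll", ".scr", ".com", ".sys")


def norm(path):
    """Windows paths compare case-insensitively."""
    return path.lower()


def is_executable(path):
    return norm(path).endswith(EXEC_EXTS)


# Constructed trace, not SRRAT output. 'ProcessStart' is the monitor's own
# record of a process's image path; the other events are hooked Win32 calls.
TRACE = [
    # a file infector: reads itself, writes into another .exe, copies itself
    {"pid": 100, "api": "ProcessStart", "image": r"C:\Users\a\dropper.exe"},
    {"pid": 100, "api": "CreateFileW", "path": r"C:\Users\a\dropper.exe", "handle": 0x10},
    {"pid": 100, "api": "ReadFile", "handle": 0x10},
    {"pid": 100, "api": "CreateFileW", "path": r"C:\Program Files\App\app.exe", "handle": 0x11},
    {"pid": 100, "api": "WriteFile", "handle": 0x11},
    {"pid": 100, "api": "CopyFileW", "src": r"C:\Users\a\dropper.exe", "dst": r"D:\share\setup.exe"},
    # an editor: reads and writes a text file, never touches its own image
    {"pid": 200, "api": "ProcessStart", "image": r"C:\Windows\notepad.exe"},
    {"pid": 200, "api": "CreateFileW", "path": r"C:\Users\a\notes.txt", "handle": 0x20},
    {"pid": 200, "api": "ReadFile", "handle": 0x20},
    {"pid": 200, "api": "WriteFile", "handle": 0x20},
    # a linker: writes an .exe, but the bytes come from object files, not itself
    {"pid": 300, "api": "ProcessStart", "image": r"C:\tools\link.exe"},
    {"pid": 300, "api": "CreateFileW", "path": r"C:\build\main.obj", "handle": 0x30},
    {"pid": 300, "api": "ReadFile", "handle": 0x30},
    {"pid": 300, "api": "CreateFileW", "path": r"C:\build\main.exe", "handle": 0x31},
    {"pid": 300, "api": "WriteFile", "handle": 0x31},
]


def detect_sr_replication(events):
    """Flag a process that reads its own image and afterwards writes to, or
    copies itself into, a different executable file. Returns {pid: [alerts]}."""
    image = {}                 # pid -> own image path
    handles = {}               # (pid, handle) -> path the handle was opened on
    read_self = set()          # pids that have read their own image
    alerts = defaultdict(list)
    for ev in events:
        pid, api = ev["pid"], ev["api"]
        if api == "ProcessStart":
            image[pid] = norm(ev["image"])
        elif api == "CreateFileW":
            handles[(pid, ev["handle"])] = norm(ev["path"])
        elif api == "ReadFile":
            path = handles.get((pid, ev["handle"]))
            if path is not None and path == image.get(pid):
                read_self.add(pid)
        elif api == "WriteFile":
            path = handles.get((pid, ev["handle"]))
            if (pid in read_self and path is not None
                    and is_executable(path) and path != image[pid]):
                alerts[pid].append(f"wrote to {path} after reading own image")
        elif api == "CopyFileW":
            if norm(ev["src"]) == image.get(pid) and norm(ev["dst"]) != image[pid]:
                alerts[pid].append(f"copied own image to {ev['dst']}")
    return dict(alerts)


if __name__ == "__main__":
    for pid, found in detect_sr_replication(TRACE).items():
        print(pid, found)
```

Two caveats a practitioner would add. The example does not check that the bytes written actually came from the self-read, so an installer that happens to read its own image for integrity checking would be flagged; a real monitor needs that data-flow link to keep false positives low. And user-mode Win32 hooks are bypassed by code that invokes the native system services directly, which is why the abstract reports a second prototype tracking kernel-mode system services.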

Relevance:

90.00%

Publisher:

Abstract:

Modern computer systems are plagued with stability and security problems: applications lose data, web servers are hacked, and systems crash under heavy load. Many of these problems or anomalies arise from rare program behaviour caused by attacks or errors. A substantial percentage of web-based attacks are due to buffer overflows. Many methods have been devised to detect and prevent anomalous situations that arise from buffer overflows. The current state of the art in anomaly detection systems is relatively primitive and mainly depends on static code checking to take care of buffer overflow attacks. For protection, stack guards and heap guards are also used in a wide variety of forms. This dissertation proposes an anomaly detection system based on the frequencies of system calls in the system call trace. System call traces represented as frequency sequences are profiled using sequence sets. A sequence set is identified by the starting sequence and the frequencies of specific system calls. The deviations of the current input sequence from the corresponding normal profile in the frequency pattern of system calls are computed and expressed as an anomaly score. A simple Bayesian model is used for accurate detection. Experimental results are reported which show that the frequency of system calls, represented using sequence sets, captures the normal behaviour of programs under normal conditions of usage. This captured behaviour allows the system to detect anomalies with a low rate of false positives. Data are presented which show that a Bayesian network over frequency variations responds effectively to induced buffer overflows. It can also help administrators to detect deviations in program flow introduced by errors.
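The frequency-based detection described in this abstract, and in the sendmail paper above, can be illustrated end to end. The following Python is an added example and not the code of either work: it builds a smoothed system call frequency profile from constructed normal traces, scores a new trace by the divergence of its frequency vector from that profile, and fixes a decision threshold from the training scores. The traces, the smoothing constant and the mean-plus-k-standard-deviations threshold rule are assumptions of this example; the dissertation's sequence sets and Bayesian model are not reproduced here.

```python
import math
from collections import Counter

# Constructed training traces (not the sendmail data set): the system calls a
# program made during normal runs, in order.
NORMAL_TRACES = [
    "open read read write close mmap read write close munmap".split(),
    "open read write read write close open read close".split(),
    "mmap open read read read write close munmap".split(),
    "open read write close open read write close".split(),
]


def frequency_vector(trace):
    """Relative frequency of each system call within one trace."""
    counts = Counter(trace)
    return {c: k / len(trace) for c, k in counts.items()}


def build_profile(traces, alpha=1.0):
    """Normal profile: Laplace-smoothed call probabilities over all training
    traces, with one reserved probability mass for calls never seen."""
    counts = Counter(c for t in traces for c in t)
    denom = sum(counts.values()) + alpha * (len(counts) + 1)
    probs = {c: (k + alpha) / denom for c, k in counts.items()}
    return {"probs": probs, "unknown": alpha / denom}


def anomaly_score(profile, trace):
    """KL divergence (bits) of the trace's frequency vector from the profile:
    near 0 for the normal mix of calls, large when calls are missing,
    over-represented, or never seen in training."""
    q = frequency_vector(trace)
    return sum(qc * math.log2(qc / profile["probs"].get(c, profile["unknown"]))
               for c, qc in q.items())


def fit_threshold(profile, traces, k=3.0):
    """Decision threshold: mean + k standard deviations of the training scores
    (population standard deviation, so every training trace stays below it)."""
    scores = [anomaly_score(profile, t) for t in traces]
    mean = sum(scores) / len(scores)
    std = math.sqrt(sum((s - mean) ** 2 for s in scores) / len(scores))
    return mean + k * std


def is_anomalous(profile, threshold, trace):
    return anomaly_score(profile, trace) > threshold


# Constructed test traces: a shellcode-like tail after an overflow, and a run
# with only known calls but a frequency pattern the program never shows.
ATTACK_TRACE = "open read read write execve socket connect setuid dup2 execve".split()
SKEWED_TRACE = "open write close open write close".split()

if __name__ == "__main__":
    prof = build_profile(NORMAL_TRACES)
    thr = fit_threshold(prof, NORMAL_TRACES)
    for name, t in (("attack", ATTACK_TRACE), ("skewed", SKEWED_TRACE)):
        print(name, round(anomaly_score(prof, t), 3), is_anomalous(prof, thr, t))
```

The second test trace is the case a per-call model misses: every call in it is known, only the mix is wrong (no reads at all). Scoring the whole frequency vector catches it, which is the point of profiling frequencies rather than individual calls. With four short training traces the threshold is fragile; in practice the profile is built per program from many runs, and the authors report results on real sendmail traces.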

Relevance:

90.00%

Publisher:

Abstract:

The analysis of system calls is one method employed by anomaly detection systems to recognise malicious code execution. Similarities can be drawn between this process and the behaviour of certain cells belonging to the human immune system, and can be applied to construct an artificial immune system. A recently developed hypothesis in immunology, the Danger Theory, states that our immune system responds to the presence of intruders through sensing molecules belonging to those invaders, plus signals generated by the host indicating danger and damage. We propose the incorporation of this concept into a responsive intrusion detection system, where behavioural information of the system and running processes is combined with information regarding individual system calls.

Relevance:

90.00%

Publisher:

Abstract:

The search for patterns or motifs in data represents an area of key interest to many researchers. In this paper we present the Motif Tracking Algorithm, a novel immune-inspired pattern identification tool that is able to identify unknown motifs which repeat within time series data. The power of the algorithm is derived from its use of a small number of parameters with minimal assumptions. The algorithm searches from a completely neutral perspective that is independent of the data being analysed and the underlying motifs. In this paper the Motif Tracking Algorithm is applied to the search for patterns within sequences of low-level system calls between the Linux kernel and the operating system's user space. The MTA is able to compress the data found in large system call data sets to a limited number of motifs which summarise that data. The motifs provide a resource from which a profile of executed processes can be built. The potential of these profiles and new implications for security research are highlighted. A higher-level system call language for measuring similarity between patterns of such calls is also suggested.
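As an added example, not the Motif Tracking Algorithm itself, the following Python finds repeating n-grams in a constructed system call sequence and rewrites the sequence as a shorter string of motif symbols, which is the compression and profiling step the abstract describes. The trace, the length bounds, the minimum support and the greedy longest-match rewrite are assumptions of this example.

```python
from collections import Counter

# Constructed system call sequence, not data from the paper.
TRACE = ("open read read close write open read read close write "
         "mmap munmap open read read close write stat open read read close").split()


def find_motifs(seq, min_len=2, max_len=6, min_support=2):
    """Every n-gram, longest first, that occurs at least min_support times
    in seq (overlapping occurrences count)."""
    motifs = []
    for n in range(max_len, min_len - 1, -1):
        grams = Counter(tuple(seq[i:i + n]) for i in range(len(seq) - n + 1))
        motifs.extend(g for g, c in grams.items() if c >= min_support)
    return motifs


def compress(seq, motifs, names=None):
    """Greedy left-to-right rewrite: at each position take the longest motif
    that matches, otherwise keep the raw call. `names` maps motif -> symbol
    and may be shared across traces so their symbols are comparable.
    Returns (symbols, {symbol: motif})."""
    if names is None:
        names = {}
    out, i = [], 0
    while i < len(seq):
        for m in motifs:
            if tuple(seq[i:i + len(m)]) == m:
                out.append(names.setdefault(m, f"M{len(names)}"))
                i += len(m)
                break
        else:
            out.append(seq[i])
            i += 1
    return out, {name: list(m) for m, name in names.items()}


def process_profile(symbols):
    """Profile of one process: how often each motif or raw call appears."""
    return Counter(symbols)


def similarity(profile_a, profile_b):
    """Jaccard similarity of two profiles' symbol sets: a crude stand-in for
    the higher-level comparison the abstract suggests."""
    sa, sb = set(profile_a), set(profile_b)
    return len(sa & sb) / len(sa | sb) if sa | sb else 1.0


if __name__ == "__main__":
    motifs = find_motifs(TRACE)
    symbols, dictionary = compress(TRACE, motifs)
    print(len(TRACE), "calls ->", len(symbols), "symbols:", symbols)
    print(dictionary)
```

Only motifs actually used during the rewrite end up in the dictionary, so sub-motifs of a longer motif (here `open read` inside `open read read close write`) disappear from the summary unless they occur on their own, as the four-call tail does. Real traces are far longer and have many near-repeats, which is why the paper needs a tolerant matcher rather than exact n-grams.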

Relevance:

80.00%

Publisher:

Abstract:

INTRODUCTION: Opportunistic fungal infections in immunocompromised hosts are caused by Candida species, and the majority of such infections are due to Candida albicans. However, the emerging pathogen Candida dubliniensis shares several phenotypic characteristics with C. albicans, such as production of germ tubes and chlamydospores, and has drawn attention for developing stable resistance to fluconazole in vitro. The aim of this study was to evaluate the performance of biochemical identification in differentiating between C. albicans and C. dubliniensis, by phenotyping yeasts identified as C. albicans. METHODS: Seventy-nine isolates identified as C. albicans by the API ID 32C system were grown on Sabouraud dextrose agar at 30°C for 24-48 h and then inoculated on hypertonic Sabouraud broth and tobacco agar. RESULTS: Our results showed that 17 (21.5%) isolates were growth-inhibited on hypertonic Sabouraud broth, a phenotypic trait inconsistent with C. albicans in this medium. However, the results observed on tobacco agar showed that only 9 (11.4%) of the growth-inhibited isolates produced colonies characteristic of C. dubliniensis (rough, yellowish-brown colonies with abundant fragments of hyphae and chlamydospores). CONCLUSIONS: The results suggest that this method is a simple tool for screening C. albicans and non-albicans yeasts and for verification of automated identification.

Relevance:

80.00%

Publisher:

Abstract:

An appropriate assessment of end-to-end network performance presumes highly efficient time tracking and measurement, with precise time control of the stopping and resuming of program operation. In this paper, a novel approach to solving the problems of highly efficient and precise time measurement on PC platforms and on ARM architectures is proposed. A new unified High Performance Timer and a corresponding software library offer a unified interface to the known time counters and automatically identify the fastest and most reliable time source available in the user space of a computing system. The research is focused on developing an approach to unified time acquisition from the PC hardware, substituting for the common way of getting the time value through Linux system calls. The presented approach provides a much faster means of obtaining time values with nanosecond precision than conventional means. Moreover, it is capable of handling sequential time values, precise sleep functions and process resuming. This reduces the computer resources wasted during the execution of a sleeping process from 100% (busy-wait) to 1-1.5%, while keeping very accurate process resuming times on long waits.

Relevance:

80.00%

Publisher:

Abstract:

This project is based on modifying the kernel of the GNU/Linux operating system to give it the ability to extract statistics on system calls (syscalls). After compiling and installing a new kernel, information on the number of times and the frequency with which these system calls are made is recorded, and it is subsequently presented in a report of explanatory statistics.

Relevance:

80.00%

Publisher:

Abstract:

Lactate has been shown to offer neuroprotection in several pathologic conditions. This beneficial effect has been attributed to its use as an alternative energy substrate. However, the recent description of the expression of the HCA1 receptor for lactate in the central nervous system calls for a reassessment of the mechanism by which lactate exerts its neuroprotective effects. Here, we show that HCA1 receptor expression is enhanced 24 hours after reperfusion in a middle cerebral artery occlusion stroke model, in the ischemic cortex. Interestingly, intravenous injection of L-lactate at reperfusion led to further enhancement of HCA1 receptor expression in the cortex and striatum. Using an in vitro oxygen-glucose deprivation model, we show that the HCA1 receptor agonist 3,5-dihydroxybenzoic acid reduces cell death. We also observed that D-lactate, a reputedly non-metabolizable substrate but partial HCA1 receptor agonist, also provided neuroprotection in both in vitro and in vivo ischemia models. Quite unexpectedly, we show D-lactate to be partly extracted and oxidized by the rodent brain. Finally, pyruvate offered neuroprotection in vitro whereas acetate was ineffective. Our data suggest that L- and D-lactate offer neuroprotection in ischemia most likely by acting both as an HCA1 receptor agonist for non-astrocytic (most likely neuronal) cells and as an energy substrate.

Relevance:

80.00%

Publisher:

Abstract:

In Brazil, the supplemental healthcare system is going through a transition from the traditional fee-for-service reimbursement system to the package reimbursement system, similar to the American model known as Diagnosis Related Groups (DRG). Although the package concept is nothing new to the hospital environment, it is still seldom used, since this system calls for a level of cost control and analytical knowledge of hospital costs that is poorly developed in Brazilian institutions. This study focuses on determining how much the reimbursement for a Myocardial Revascularization package actually covers of the real costs for patients submitted to this procedure. A prospective method for determining the cost per patient was developed, and 13 patients were individually followed up throughout their hospitalization. The expenses for intensive care and in-patient clinical care, as well as the type of admission (elective or emergency), were determined for each patient. Additionally, all the resources and materials for the surgical procedure were included, comprising specialized personnel, surgical fees, procedures and tests, biomedical equipment, and all the materials and medication used during the hospital stay. Based on these data, the actual total costs were calculated and compared to the package reimbursement previously agreed upon by the institution and the healthcare carriers. The study found an average cost of BR$ 8,826 for a Myocardial Revascularization surgical procedure, while the respective package reimbursement is BR$ 7,476. Therefore, the reimbursement does not cover the actual costs of the procedure.

Relevance:

80.00%

Publisher:

Abstract:

High availability (often referred to as HA) is a property of computer systems that are designed to avoid, as far as possible, planned or unplanned interruptions in service delivery. In high availability, the ideal is to have few failures and, even when they do occur, for the mean time to repair (MTTR) to be as small as possible. Operating systems play an important role in high availability; those with safe file systems that recover relatively independently of human intervention are preferable. One approach that helps achieve high availability in file systems is journaling, or meta-data logging. A number of file systems for the Linux operating system are based on it, such as ext3, JFS, ReiserFS and XFS. This work proposes an experimental validation methodology for evaluating the efficiency of the recovery mechanism of journaling-based file systems when failures occur. The validation technique employed is fault injection, and the system under test is an implementation of XFS. The debugging facilities of the Linux operating system (which allow system calls to be intercepted and manipulated) were used to implement a fault injector specific to journaling-based file systems, named FIJI (Fault Injector for Journaling fIlesystems). Manipulating the parameters of system calls through FIJI is equivalent to altering the requests made to the operating system. The efficiency of the journaling mechanism is measured by injecting faults and measuring the MTTR and the fault coverage.
Basically, what the FIJI fault injector seeks to do is to bypass the journaling logs and manipulate an amount of information different from what was originally requested.

Relevância:

80.00% 80.00%

Publicador:

Resumo:

This material presents system calls, which are service routines offered by an operating system to programs. Besides scheduling the use of the processor(s) to execute the instructions of processes, the operating system has the function of providing services to those processes. The material also covers the code executed by system calls, which resides in memory; program portability; and the types of system calls in the Microsoft, Unix and Linux operating systems.