
Supervisory Control of Malicious Executables in Software Processes

Chapter in: Quantitative Measure for Discrete Event Supervisory Control

Summary

This chapter models the execution of a software process as a discrete event system that can be represented by a Deterministic Finite State Automaton (DFSA) in the discrete event setting. Supervisory Control Theory (SCT) is applied for on-line detection of malicious executables and prevention of their spreading. The language measure theory, described in Chapter 1, is adapted for performance evaluation and comparison of the unsupervised process automaton and five different supervised process automata. Simulation experiments under different scenarios show the rate of correct detection of malicious executables to be 88.75%.




© 2005 Springer Science+Business Media, Inc.

About this chapter

Cite this chapter

Xu, X., Phoha, V.V., Ray, A., Phoha, S. (2005). Supervisory Control of Malicious Executables in Software Processes. In: Ray, A., Phoha, V.V., Phoha, S.P. (eds) Quantitative Measure for Discrete Event Supervisory Control. Springer, New York, NY. https://doi.org/10.1007/0-387-23903-0_9


  • DOI: https://doi.org/10.1007/0-387-23903-0_9

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-0-387-02108-9

  • Online ISBN: 978-0-387-23903-3

  • eBook Packages: Computer Science, Computer Science (R0)
