Abstract

Inconsistency is a major problem in computer information security and takes two forms: data inconsistency and application inconsistency. Both arise from poorly structured program design and create security breaches and vulnerable entry points through the exploitation of application code. Such anomalies can be discovered by designing anomaly detection system (ADS) models at the system programming (coding) level with the help of machine learning. Security vulnerabilities (anomalies) frequently occur during code execution through the exploitation or manipulation of instructions. In this paper we specify several extensions to our work to detect a wide range of anomalies in code exploits, and we use a machine learning technique called the Context Sensitive Hidden Markov Model (CS-HMM) to improve the overall performance of the ADS by discovering correlations between control data instances. We use Linux OS tracing kits to collect the necessary information, such as control data instances (return addresses), from the system as input to the artificial learning phase. The results were evaluated by running the approach on several programs developed for this work and on some Linux commands used for tracing, and the performance on all of the live (artificially) generated input datasets was compared. The CS-HMM is then applied to the datasets to scrutinize anomalies through similarity search and correlation of the program's function control data, and a classification process determines the anomalous outcomes.

Highlights

  • Anomalies such as control flow anomalies and data flow anomalies commonly arise during execution of a contaminated program that contains exploits or manipulated lines of code

  • Detection is generally an uninterrupted practice of identifying intrusive behavior from system users, audit data, or application data instances generated during normal runs

  • Anomaly detection that incorporates prior knowledge of intrusion occurrences can handle the different variations of attacks more easily than a signature-based anomaly detection system (ADS), which only models attacks that are pre-trained and static in nature


Summary

INTRODUCTION

Anomalies such as control flow anomalies and data flow anomalies commonly arise during execution of a contaminated program that contains exploits or manipulated lines of code. Address boundaries and opportunities to exploit the control sequence of currently running software applications. Such problems always lead to potential security breaches if they are not solved as early as possible in the memory-unsafe languages used in computing environments. Such error-prone occurrences create overhead in program development, and large maintenance effort is necessary for industries producing large no. That the sequence of control pointers and the list of observed data occurrences be stored in some predefined structures by using advanced Linux tracing tricks on memory segments. For quick data collection in a Linux environment, the backtrace (bt) is the easiest method, and other tricks such as PTRACE, STRACE, LTRACE and DTRACE are helpful for collecting data-related instances and control-related instances.
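As an added illustration (not the authors' code), the following is a simplified first-order Markov model over return-address sequences of the kind the introduction describes collecting with backtraces, standing in for the paper's CS-HMM: it learns transitions from normal runs, calibrates a threshold on them, and flags a run whose return-address transitions are improbable, such as one containing an address never seen during training. All traces and addresses are constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed sample data: each trace is the sequence of return addresses
# recorded across backtraces of one normal run (hypothetical addresses).
NORMAL_TRACES = [
    [0x401130, 0x401250, 0x4012A0, 0x401130, 0x401250, 0x401300],
    [0x401130, 0x401250, 0x4012A0, 0x401130, 0x401300],
    [0x401130, 0x401250, 0x401130, 0x401250, 0x4012A0, 0x401300],
]

class ReturnAddressModel:
    """Transition model P(next | current) over observed return addresses."""
    def __init__(self, alpha=0.01, margin=1.5):
        self.alpha = alpha    # additive smoothing for unseen transitions
        self.margin = margin  # threshold = margin * worst normal training score
        self.transitions = defaultdict(Counter)
        self.states = set()
        self.threshold = None

    def fit(self, traces):
        for trace in traces:
            self.states.update(trace)
            for cur, nxt in zip(trace, trace[1:]):
                self.transitions[cur][nxt] += 1
        # Calibrate on the normal runs themselves: a run scoring clearly worse
        # than the most surprising normal run is flagged.
        self.threshold = self.margin * max(self.score(t) for t in traces)
        return self

    def transition_prob(self, cur, nxt):
        # One vocabulary slot is reserved for "address never seen in training".
        vocab = len(self.states) + 1
        counts = self.transitions.get(cur, Counter())
        return (counts[nxt] + self.alpha) / (sum(counts.values()) + self.alpha * vocab)

    def score(self, trace):
        """Mean negative log-likelihood per transition; higher is more surprising."""
        nll = [-math.log(self.transition_prob(c, n)) for c, n in zip(trace, trace[1:])]
        return sum(nll) / len(nll) if nll else 0.0

    def is_anomalous(self, trace):
        return self.score(trace) > self.threshold


if __name__ == "__main__":
    model = ReturnAddressModel().fit(NORMAL_TRACES)
    # Constructed suspicious run: one return address never observed in training.
    print(model.is_anomalous([0x401130, 0x401250, 0x7FFDEADBEEF, 0x4012A0]))  # True
```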

Anomaly Detection
RELATED WORK
WORKING MODEL
Proposed CS-HMM
Datasets
HMM λ Computation and Defection Criteria
Results and Discussions
CONCLUSION