Network Security Metrics by Lingyu Wang Sushil Jajodia & Anoop Singhal

Author: Lingyu Wang, Sushil Jajodia & Anoop Singhal
Language: eng
Format: epub
Publisher: Springer International Publishing, Cham


2.3 Object Instance Graph

Due to system call operations, a system object may change its status as it interacts with other objects. For example, an “innocent” file may become “infected” if it is written by an infected process. Therefore, we use the term “instance” to represent a “version” of an object at a specific time. Different instances of the same object could have different infection status. In an object instance graph, each node is an instance, rather than an object. The object instance graphs capture the dependency relations among instances, and can thus reflect the infection causality relations among them as well.
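As an added illustration (not code from the book), the sketch below builds an instance graph from a constructed three-event trace and propagates infection forward from one seed instance. The versioning rule used here (each incoming dependency creates a new instance of the sink object, linked from its previous instance) and all object names are assumptions made for the example.

```python
from collections import defaultdict, deque

# Constructed trace, already reduced to (time, source, sink) dependencies:
# information flows from source to sink (a read or a write system call).
TRACE = [
    (1, "file:report", "proc:viewer_a"),   # viewer_a reads the file first
    (2, "proc:dropper", "file:report"),    # infected process writes the file
    (3, "file:report", "proc:viewer_b"),   # viewer_b reads it afterwards
]

def build_instance_graph(trace):
    """Return (nodes, edges); each node is an (object, version) instance."""
    latest = {}                 # object -> newest version number
    nodes, edges = set(), []

    def current(obj):
        # First sighting of an object creates its version-1 instance.
        if obj not in latest:
            latest[obj] = 1
            nodes.add((obj, 1))
        return (obj, latest[obj])

    for _, src, dst in sorted(trace):
        src_inst = current(src)
        if dst in latest:
            # Assumed rule: the sink changes state, so it gets a new
            # instance that also depends on its own previous instance.
            old = (dst, latest[dst])
            latest[dst] += 1
            new = (dst, latest[dst])
            nodes.add(new)
            edges.append((old, new))
        else:
            new = current(dst)
        edges.append((src_inst, new))
    return nodes, edges

def infected_instances(edges, seeds):
    """Forward reachability: every instance that depends on a seed."""
    succ = defaultdict(list)
    for a, b in edges:
        succ[a].append(b)
    seen, queue = set(seeds), deque(seeds)
    while queue:
        for nxt in succ[queue.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

if __name__ == "__main__":
    _, e = build_instance_graph(TRACE)
    print(sorted(infected_instances(e, [("proc:dropper", 1)])))
```

An object-level graph would tie both viewers to the same file node; at instance level, only the process that read the second version of the file is reachable from the infected writer.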

Definition 1

Object Instance Graph [11]. If the system call trace in a time window $T[t_{begin}, t_{end}]$ is denoted as $\Sigma_T$ and the set of system objects (mainly processes, files or sockets) involved in $\Sigma_T$ is denoted as $O_T$, then the object instance graph is a directed graph $G_T(V, E)$, where: $V$ is the set of nodes, and initialized to empty set;


