Anomaly detection based on grammar (基于文法的异常检测)
Cited by: 3
Abstract (translated from the Chinese): To address the problem that existing anomaly detection techniques provide no useful information beyond a simple alarm, a new anomaly detection method is proposed. The execution trace of a server program is represented by a hierarchical model composed of system calls, operations, transactions and activities. Using key system calls together with their parameters and return values, normal traces are segmented according to this hierarchy, a context-free grammar describing the program's normal behaviour patterns is learned from the segments, and semantic information is attached to the grammar productions as annotations. Test results show that the method not only effectively detects various attacks that exploit security vulnerabilities, but can also analyse intrusion events and provide a detailed report that includes the intruder's IP address.
Original English abstract: Current anomaly detection techniques cannot provide any valuable information beyond a simple alarm. To resolve this problem, a new anomaly detection method is proposed. System call traces are represented as a hierarchical model composed of system calls, operations, transactions (事务) and activities, while normal program behaviour is described by a context-free grammar with semantic labels attached. Key system calls and their parameters or return values are used to segment and learn normal traces. Experimental results show that this method can effectively detect attacks exploiting vulnerabilities, and can also analyse anomalous scenes and provide much information on anomalous events, including intruders' IP addresses.
Source: Journal of Zhejiang University: Engineering Science (《浙江大学学报(工学版)》), indexed in EI, CAS, CSCD and Peking University Core (北大核心); 2006, No. 2, pp. 243-248 (6 pages).
Keywords: anomaly detection, intrusion detection, network security, system call
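As an added example (not code from the paper), the Python sketch below mimics the pipeline the abstract describes on constructed traces: the key system calls accept (its peer parameter and return value) and close of that descriptor segment a trace into transactions, the distinct operation sequences of normal transactions become the right-hand sides of the learned productions, and a transaction the grammar cannot derive is reported together with its peer-IP label. The trace format, the syscall names and the two-level hierarchy (transaction over operations) are assumptions made for illustration.

```python
import re
CALL_RE = re.compile(r"(\w+)\(([^)]*)\)(?: ret=(\S+))?")

def parse(trace):
    """Split 'name(k=v,...) ret=r | ...' into (name, args, ret) triples."""
    calls = []
    for item in trace.split("|"):
        m = CALL_RE.fullmatch(item.strip())
        if not m:
            raise ValueError(f"unparseable call: {item!r}")
        args = dict(kv.split("=", 1) for kv in m.group(2).split(",") if kv)
        calls.append((m.group(1), args, m.group(3)))
    return calls

def segment(trace):
    """Cut a trace into transactions using the key syscalls: accept starts one
    (its return value is the client fd, its peer parameter becomes the semantic
    label) and close of that fd ends it. Calls before the first accept are setup."""
    peer = fd = ops = None
    for name, args, ret in parse(trace):
        if name == "accept":
            peer, fd, ops = args.get("peer", "?"), ret, []
        elif ops is None:
            continue
        elif name == "close" and args.get("fd") == fd:
            yield peer, tuple(ops)
            peer = fd = ops = None
        else:
            ops.append(name)
    if ops is not None:  # connection never closed: mark the transaction incomplete
        yield peer, tuple(ops) + ("<unclosed>",)

def learn_grammar(normal_traces):
    """Productions Transaction -> accept <ops> close; RHS = sequences seen in normal traces."""
    return {ops for t in normal_traces for _, ops in segment(t)}

def detect(grammar, trace):
    """Report every transaction the grammar cannot derive, with its peer-IP label."""
    return [{"peer": peer, "ops": " ".join(ops)}
            for peer, ops in segment(trace) if ops not in grammar]

# Constructed training traces: two connections served normally (assumed syscall format).
NORMAL = [
    "socket() ret=3 | listen(fd=3) | accept(fd=3,peer=10.0.0.5) ret=4 | read(fd=4) | write(fd=4) | close(fd=4)",
    "socket() ret=3 | listen(fd=3) | accept(fd=3,peer=10.0.0.6) ret=4 | read(fd=4) | read(fd=4) | write(fd=4) | close(fd=4)",
]
# Constructed test trace: the second connection never replies and instead runs a program.
SUSPECT = (NORMAL[0] + " | accept(fd=3,peer=198.51.100.7) ret=5 | read(fd=5)"
           " | dup2(old=5,new=0) | execve(path=/bin/sh)")
```

Running `detect(learn_grammar(NORMAL), SUSPECT)` leaves the first connection unreported and flags the second with the peer address and the unexpected operation sequence, which is the kind of report the abstract describes.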