
Model of Anomaly Detection of User Behaviors Based on Machine Learning

Cited by: 8
Abstract: To address the shortcomings of the user behavior anomaly detection model proposed by Lane T et al., a new IDS anomaly detection model is proposed. The model improves the representation of user behavior patterns and behavior profiles, adopts a new method of assigning similarity values, introduces the concept of a "variable window length" when smoothing the similarity stream, and jointly applies multiple decision thresholds to classify user behavior. Experiments on Unix user shell command data show that the proposed detection model achieves higher detection performance.

An anomaly detection model originated by Lane T is briefly introduced. Then a new anomaly detection model based on machine learning is presented. The model uses shell command sequences of variable length to represent a valid user's behavior patterns and uses more than one dictionary of shell command sequences to build the user's behavior profile. While performing detection, the model mines behavior patterns by a sequence matching method and evaluates the similarities of the corresponding command sequences to the dictionaries. The two models are tested with Unix users' shell command data. The results show that the new model has higher detection performance.
Source: Computer Engineering and Applications (《计算机工程与应用》), indexed in CSCD and the Peking University Core Journals list, 2006, No. 19, pp. 101-103, 111 (4 pages)
Keywords: intrusion detection, anomaly detection, behavior pattern, machine learning, similarity measure

References (7)

  • 1. Lane T. Machine learning techniques for the computer security domain of anomaly detection [D]. PhD Thesis. Purdue University, 2000.
  • 2. Lee W, Dong X. Information-theoretic measures for anomaly detection [C]. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy, Oakland, USA, 2001: 130-134.
  • 3. Lane T, Brodley C E. Temporal sequence learning and data reduction for anomaly detection [J]. ACM Transactions on Information and System Security, 1999; (2): 295-331.
  • 4. Warrender C, Forrest S, Pearlmutter B. Detecting intrusions using system calls: alternative data models [C]. In: Proceedings of the 1999 IEEE Symposium on Security and Privacy, Berkeley, California, USA: IEEE Computer Society, 1999: 133-145.
  • 5. Kosoresow A P, Hofmeyr S A. A shape of self for UNIX processes [J]. IEEE Software, 1997; 14(5): 35-42.
  • 6. Lian Yifeng, Dai Yingxia, Wang Hang. Anomaly detection of user behaviors based on pattern mining [J]. Chinese Journal of Computers (计算机学报), 2002, 25(3): 325-330. Cited by: 85.
  • 7. Tian Xinguang, Gao Lizhi, Li Xuechun, Zhang Eryang. A new IDS anomaly detection method based on hidden Markov models [J]. Signal Processing (信号处理), 2003, 19(5): 420-424. Cited by: 6.
