
Research on an Intrusion Detection Method Based on Variable-length System Call Sequence Patterns    Cited by: 2

Intrusion Detection Using Variable-length System Call Pattern
Abstract: A search algorithm for variable-length sequence patterns is proposed. It extracts from the training system call sequences a set of basic, relatively independent variable-length patterns and, while the pattern set is being updated, automatically defines the precedence relations between patterns; from these a DFA describing the execution patterns of a process is constructed. Existing matching algorithms for variable-length sequence patterns must look ahead several system call numbers; to remove this shortcoming, a better pattern matching algorithm is designed. Experimental results show that the pattern search is stable and that, while keeping the pattern set small, the method achieves very low false-positive and false-negative rates.

Abstract (English, as published): A new algorithm for mining variable-length patterns from system call sequences is proposed. It presents a simple technique to build a table of variable-length patterns from the training system call sequences, so as to find a set of basic and relatively independent variable-length patterns. With this method, all possible relationships between the variable-length patterns are found, an exact DFA representation of the program is constructed, and an evaluation scheme for the variable-length patterns is proposed. The experimental results indicate that the algorithm generates a relatively small set of patterns and obtains very low false positives and false negatives.
Source: Journal of Jiangsu University of Science and Technology (Natural Science Edition) (江苏科技大学学报(自然科学版)), 2007, No. 3, pp. 36-41 (6 pages). Indexed in CAS and the Peking University Core Journals list (北大核心).
Funding: project funded by the Jiangsu Provincial Department of Education and Jiangsu University of Science and Technology (2005DX006J).
Keywords: intrusion detection; system call; pattern matching; variable-length pattern
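The abstract only outlines the pipeline: mine a small set of variable-length patterns from training system call traces, record which pattern may follow which, and match new traces against the result. The Python script below is an added illustration of that general approach and is not the authors' code. The mining heuristic (greedy set cover over frequent n-grams), the trie-based longest-match matcher, the use of the observed pattern-successor relation as the pattern-level DFA, the two-part anomaly score and the sample traces are all assumptions made for this example. Note that this matcher still reads ahead to pick the longest pattern, which is precisely the lookahead the paper says its own matcher avoids; the page gives no detail of that matcher, so it is not reproduced here.

```python
"""Added illustration, not the paper's code: variable-length system-call
patterns mined by greedy set cover, a trie for matching, and the observed
pattern-successor relation as a pattern-level DFA. All details are assumed."""
from collections import defaultdict


class Node:
    """Trie node; `pattern` is set on the node where a mined pattern ends."""
    __slots__ = ("children", "pattern")

    def __init__(self):
        self.children = {}
        self.pattern = None


def mine_patterns(traces, min_len=2, max_len=6, min_support=2):
    """Repeatedly keep the frequent n-gram that covers the most still-uncovered
    training positions. Every call seen in training is also kept as a length-1
    pattern, so only never-seen calls stay unmatched later and ordering
    violations show up as pattern transitions never observed in training."""
    occ = defaultdict(list)                      # n-gram -> [(trace, start)]
    for ti, t in enumerate(traces):
        for n in range(min_len, max_len + 1):
            for s in range(len(t) - n + 1):
                occ[tuple(t[s:s + n])].append((ti, s))
    candidates = [p for p, o in occ.items() if len(o) >= min_support]
    covered = [[False] * len(t) for t in traces]
    chosen = []
    while True:
        best, best_gain = None, 0
        for p in candidates:
            gain = sum(1 for ti, s in occ[p]
                       for k in range(s, s + len(p)) if not covered[ti][k])
            if gain > best_gain:
                best, best_gain = p, gain
        if best is None:
            break
        chosen.append(best)
        for ti, s in occ[best]:
            for k in range(s, s + len(best)):
                covered[ti][k] = True
    for call in sorted({c for t in traces for c in t}):
        chosen.append((call,))
    return chosen


def build_trie(patterns):
    root = Node()
    for p in patterns:
        node = root
        for call in p:
            node = node.children.setdefault(call, Node())
        node.pattern = p
    return root


def segment(root, trace):
    """Longest-match walk over the trie, falling back to the last accepting
    node (this reads ahead; the paper's matcher avoids that). A call that
    starts no pattern at all is emitted as None."""
    segs, i = [], 0
    while i < len(trace):
        node, j, last = root, i, None
        while j < len(trace) and trace[j] in node.children:
            node = node.children[trace[j]]
            j += 1
            if node.pattern is not None:
                last = (node.pattern, j)
        if last is None:
            segs.append(None)
            i += 1
        else:
            segs.append(last[0])
            i = last[1]
    return segs


def train(traces, **mining_args):
    """Return the trie plus the successor relation observed in training."""
    root = build_trie(mine_patterns(traces, **mining_args))
    succ = defaultdict(set)
    for t in traces:
        segs = segment(root, t)
        for a, b in zip(segs, segs[1:]):
            succ[a].add(b)
    return root, succ


def score(root, succ, trace):
    """(calls never seen in training, pattern transitions never seen)."""
    segs = segment(root, trace)
    unknown = segs.count(None)
    bad = sum(1 for a, b in zip(segs, segs[1:]) if b not in succ.get(a, ()))
    return unknown, bad


# Constructed sample traces (call names instead of syscall numbers for readability).
CYCLE = ["open", "read", "write", "close"]
TRAINING = [CYCLE * 2, CYCLE * 4,
            CYCLE + ["mmap", "munmap"] + CYCLE + ["mmap", "munmap"]]
NORMAL = CYCLE + ["mmap", "munmap"] + CYCLE
ATTACK = ["open", "read", "execve", "setuid", "write", "close"]

if __name__ == "__main__":
    root, succ = train(TRAINING)
    for name, t in [("normal", NORMAL), ("attack", ATTACK)]:
        print(name, score(root, succ, t))
```

On the constructed traces the greedy pass keeps just two multi-call patterns, (open, read, write, close) and (mmap, munmap), plus the length-1 fallbacks; the normal trace scores (0, 0), the trace containing execve and setuid scores two unknown calls and five unseen transitions, and a trace with only a swapped read/write scores no unknown calls but three unseen transitions, which is the kind of ordering anomaly a pure set-of-n-grams check can miss. The UNM traces cited in the references are sequences of syscall numbers; the same code runs unchanged on integers.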
Related literature

References (10)

[1] FORREST S, HOFMEYR S A, SOMAYAJI A, et al. A sense of self for Unix processes [C]//Proceedings of the 1996 IEEE Symposium on Security and Privacy, Oakland, California, 1996: 120-128.
[2] LEE W, STOLFO S J. Data mining approaches for intrusion detection [C]//Proceedings of the 7th USENIX Security Symposium, San Antonio, Texas, 1998: 26-29.
[3] ESKIN E, LEE W, STOLFO S J. Modeling system calls for intrusion detection with dynamic window sizes [C]//DARPA Information Survivability Conference and Exposition II (DISCEX II), 2001: 165-175.
[4] KOSORESOW A P, HOFMEYR S A. Intrusion detection via system call traces [J]. IEEE Software, 1997, 14(5): 35-42.
[5] WESPI A, DACIER M, DEBAR H. Intrusion detection using variable-length audit trail patterns [C]//Proceedings of RAID 2000, 2000.
[6] LI Yongzhong, SUN Yan, LUO Junsheng. Application of the WINEPI mining algorithm to intrusion detection [J]. Computer Engineering (计算机工程), 2006, 32(23): 159-161. Cited by: 11
[7] Data sets from the University of New Mexico [EB/OL]. (2003-06-20) [2005-06-15]. http://www.cs.unm.edu/~immsec/systemcalls.htm
[8] HOFMEYR S A, FORREST S, SOMAYAJI A. Intrusion detection using sequences of system calls [J]. Journal of Computer Security, 1998, 6(3): 151-180.
[9] WARRENDER C, FORREST S, PEARLMUTTER B. Detecting intrusions using system calls: alternative data models [C]//Proceedings of the 1999 IEEE Symposium on Security and Privacy, 1999: 133-145.
[10] Data sets from DARPA [EB/OL]. (1999-12-08) [2005-06-15]. http://www.ll.mit.edu/IST/ideval/

Secondary references (3)

[1] LEE W. A data mining framework for constructing features and models for intrusion detection systems [D]. New York: Columbia University, 1999.
[2] LEE W, STOLFO S J, MOK K W. Algorithms for mining system audit data [C]//Proceedings of the IEEE Symposium on Security and Privacy, 1999.
[3] NING P, CUI Y, REEVES D S. Analyzing intensive intrusion alerts via correlation [C]//Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID 2002), Zurich, Switzerland, 2002.

Co-cited references: 10

Co-citing literature (25)

[1] LI Yongzhong, LUO Junsheng, SUN Yan. Research on the architecture of an intelligent intrusion detection system based on mobile agents [J]. Journal of Computer Research and Development (计算机研究与发展), 2006, 43(z1): 296-301. Cited by: 7
[2] PENG Hong. Research on intrusion detection methods based on rough set theory [J]. Journal of University of Electronic Science and Technology of China (电子科技大学学报), 2006, 35(1): 108-110. Cited by: 13
[3] LI Yongzhong, SUN Yan, LUO Junsheng. Application of the WINEPI mining algorithm to intrusion detection [J]. Computer Engineering (计算机工程), 2006, 32(23): 159-161. Cited by: 11
[4] XIAO Lizhong, SHAO Zhiqing, QIAN Xiyuan. A hybrid clustering algorithm for network intrusion detection [J]. Computer Engineering (计算机工程), 2007, 33(4): 125-127. Cited by: 10
[5] KENNEDY J, EBERHART R C. Swarm intelligence [M]. San Francisco: Morgan Kaufmann Publishers, 2001.
[6] EBERHART R C, KENNEDY J. A new optimizer using particle swarm theory [C]//Proceedings of the 6th International Symposium on Micro Machine and Human Science. Nagoya, Japan: [s.n.], 1995: 39-43.
[7] SHI Y H, EBERHART R C. Parameter selection in particle swarm optimization [C]//Proceedings of the Annual Conference on Evolutionary Programming. California, USA: [s.n.], 1998.
[8] SUN J, XU W B. A global search strategy of quantum-behaved particle swarm optimization [C]//Proceedings of the IEEE Conference on Cybernetics and Intelligent Systems. Singapore: [s.n.], 2004: 111-116.
[9] LUO Min, WANG Lina, ZHANG Huanguo, et al. A research on intrusion detection based on unsupervised clustering and support vector machine [M]. Berlin: Springer-Verlag, 2003.
[10] CHIMPHLEE W, ABDULLAH A H. Integrating genetic algorithms and fuzzy c-means for anomaly detection [C]//INDICON 2005 Annual IEEE. [S.l.]: IEEE, 2005: 575-579.

Citing works: 2

Secondary citing works: 5
