Anomaly Detection of Program Behaviors Based on System Calls and Data Mining (Chinese title: 基于系统调用和数据挖掘的程序行为异常检测; cited by 4)
Abstract: Anomaly detection is one of the main directions of current intrusion detection research. This paper presents a new method for anomaly detection of program behaviors, intended for intrusion detection systems that use system calls as audit data on Linux or Unix platforms. The method uses sequence patterns from data mining to model the normal behavior of a privileged program, extracting normal system call sequence patterns from the training data according to their support and confidence. At the detection stage, the behavior of the monitored program is compared with the historic behavior by matching it against these sequence patterns, and its degree of anomaly is assessed; two alternative decision schemes are provided for distinguishing normal from anomalous behavior. Experimental results show that the method achieves good detection performance.
Source: Computer Engineering (《计算机工程》; CAS, CSCD, Peking University core journal), 2008, No. 2, pp. 1-3 (3 pages).
Funding: National "973" Program (2004CB318109); National "863" Program (863-307-7-5); National "242" Information Security Program (2005C39).
Keywords: intrusion detection; anomaly detection; system call; data mining

References (6)

  • [1] Lane T, Carla E B. An Empirical Study of Two Approaches to Sequence Learning for Anomaly Detection[J]. Machine Learning, 2003, 51(1): 73-107.
  • [2] Yan Qiao, Xie Weixin, Yang Bin. An Anomaly Intrusion Detection Method Based on HMM[J]. Electronics Letters, 2002, 38(13): 663-664.
  • [3] Lee W, Dong X. Information Theoretic Measures for Anomaly Detection[C]//Proc. of the IEEE Symposium on Security and Privacy. Oakland, USA: [s. n.], 2001: 130-134.
  • [4] Hofmeyr S A, Forrest S, Somayaji A. Intrusion Detection Using Sequences of System Calls[J]. Journal of Computer Security, 1998, 6(3): 151-180.
  • [5] Sun Hongwei, Tian Xinguang, Li Xuechun, Zhang Eryang. An Improved Anomaly Detection Model for IDS[J]. Chinese Journal of Computers (计算机学报), 2003, 26(11): 1450-1455. (Cited by 21)
  • [6] Tian Xinguang, Gao Lizhi, Zhang Eryang. A New Intrusion Detection Method Based on Machine Learning[J]. Journal on Communications (通信学报), 2006, 27(6): 108-114. (Cited by 15)
