
A Host Anomaly Detection Method Based on the LDA Model (基于LDA模型的主机异常检测方法)

Cited by: 5
Abstract: Intrusion detection based on system call sequences is a security detection technique that analyses host system call data in order to discover intrusions; its key problem is how to extract the features of a system call sequence more accurately and then classify it. To address this, the LDA (Latent Dirichlet Allocation) text mining model is introduced to build a new intrusion detection classification algorithm. The method treats short sequences of system calls as words, uses the LDA model to extract topic features from a process's system call sequence, combines these with system call frequency features, and applies the kNN (k-Nearest Neighbor) classification algorithm for anomaly detection. Experiments on the 1998 DARPA data set show that the method improves the accuracy of intrusion detection and reduces the false alarm rate.
Source: Computer Applications and Software (计算机应用与软件), indexed in CSCD and the Peking University core journal list, 2012, No. 8, pp. 1-4 and 24 (5 pages in total).
Funding: Major Program of the National Natural Science Foundation of China (91124001); National "Core, High-end and Basic" (核高基) Major Project for basic software (2010ZX01036-001-002); Knowledge Innovation Program Key Direction Project of the Chinese Academy of Sciences (KGCX2-YW-125).
Keywords: anomaly detection; system call; LDA model